PT-2017-16097 · Cisco · Cisco Telepresence Vcs+1

Published 2017-02-01 · Updated 2019-10-03 · CVE-2017-3790

CVSS v3.1: 8.6 High

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Expressway Series Software versions prior to X8.8.2
Cisco TelePresence VCS Software versions prior to X8.8.2

Description

A vulnerability in the received packet parser could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. This issue is due to insufficient size validation of user-supplied data. An attacker could exploit this by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call, potentially overflowing a buffer in a cache that belongs to the received packet parser and causing a crash of the application.

Recommendations

For Cisco Expressway Series Software versions prior to X8.8.2, update to version X8.8.2 or later.
For Cisco TelePresence VCS Software versions prior to X8.8.2, update to version X8.8.2 or later.

Fix

DoS

Buffer Overflow

RCE


Weakness Enumeration

Related Identifiers

CVE-2017-3790

Affected Products

Cisco Expressway Series
Cisco Telepresence Vcs