CVE-2017-6763

Name of the Vulnerable Software and Affected Versions Cisco Meeting Server (CMS) version 2.1.4

Description A denial of service condition can be caused by an unauthenticated, remote attacker due to improper validation of Fragmentation Unit (FU-A) protocol packets in the H.264 protocol implementation. An attacker can exploit this by sending a crafted H.264 FU-A packet, potentially causing an unexpected restart of the CMS media process and a brief interruption of media traffic for certain users.

Recommendations For Cisco Meeting Server (CMS) version 2.1.4, update the software to a version that properly validates FU-A protocol packets to prevent the denial of service condition.