CVE-2017-6648

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Codec Software versions prior to 7.3.8 Cisco Collaboration Endpoint (CE) Software versions prior to 8.3.0

Description The issue is related to errors in resource management within the Session Initiation Protocol (SIP) of the affected software. It can be exploited by a remote attacker to impact the availability of services and information by sending multiple SIP INVITE packets, potentially causing a denial of service (DoS) condition. This could allow the attacker to cause the device to reload unexpectedly.

Recommendations For Cisco TelePresence Codec Software versions prior to 7.3.8, update to version 7.3.8 or later. For Cisco Collaboration Endpoint (CE) Software versions prior to 8.3.0, update to version 8.3.0 or later. As a temporary workaround, consider restricting access to the SIP protocol to minimize the risk of exploitation. Avoid using the SIP INVITE packets in the affected API endpoint until the issue is resolved.