CVE-2019-1676

Name of the Vulnerable Software and Affected Versions Cisco Meeting Server versions prior to 2.3.9

Description The issue is caused by insufficient validation of Session Description Protocol (SDP) messages in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server. This could allow a remote attacker to cause a denial of service (DoS) condition by sending a specially crafted SDP message to the call bridge, resulting in the server reloading and disrupting service for all connected clients.

Recommendations For versions prior to 2.3.9, update to version 2.3.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the SIP call processing module to minimize the risk of exploitation. Avoid using the SDP protocol in the affected API endpoint until the issue is resolved.