PT-2019-1982 · Cisco · Cisco Expressway Series+1

Published: 2019-04-17 · Updated: 2020-10-07 · CVE-2019-1721

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Expressway Series versions prior to X12.5.1
Cisco TelePresence Video Communication Server versions prior to X12.5.1

Description

A vulnerability exists due to improper handling of XML input, allowing an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The attacker could exploit this by sending a Session Initiation Protocol (SIP) message with a crafted XML payload to an affected device, exhausting CPU resources and requiring manual intervention for recovery.

Recommendations

For Cisco Expressway Series versions prior to X12.5.1, update to Release X12.5.1 or later.
For Cisco TelePresence Video Communication Server versions prior to X12.5.1, update to Release X12.5.1 or later.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

BDU:2019-01675
CVE-2019-1721

Affected Products

Cisco Expressway Series
Cisco TelePresence Video Communication Server