PT-2019-1988 · Cisco · Cisco Expressway Series+1
Published
2019-04-17
·
Updated
2019-10-09
·
CVE-2019-1720
CVSS v3.1
6.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Cisco Expressway Series versions prior to X12.5.1
Cisco TelePresence Video Communication Server versions prior to X12.5.1
Description
The issue is caused by insufficient input validation in the XML API, allowing a remote attacker to cause a denial of service (DoS) condition. An attacker could exploit this by sending a specifically crafted XML payload, leading to 100% CPU utilization and exhausting CPU resources. This results in a DoS condition that persists until the system is manually rebooted.
Recommendations
For Cisco Expressway Series versions prior to X12.5.1, update to version X12.5.1 or later to resolve the issue.
For Cisco TelePresence Video Communication Server versions prior to X12.5.1, update to version X12.5.1 or later to resolve the issue.
As a temporary workaround, consider restricting access to the XML API to minimize the risk of exploitation.
Fix
DoS
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Expressway Series
Cisco Telepresence Video Communication Server