CVE-2019-1845

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager IM and Presence Service (affected versions not specified) Cisco TelePresence Video Communication Server (affected versions not specified) Cisco Expressway Series (affected versions not specified)

Description A vulnerability in the authentication service could allow an unauthenticated, remote attacker to cause a service outage for users attempting to authenticate, resulting in a denial of service (DoS) condition. The issue is due to insufficient controls for specific memory operations and insufficient input validation. An attacker could exploit this by sending a malformed Extensible Messaging and Presence Protocol (XMPP) authentication request to an affected system, potentially causing an unexpected restart of the authentication service and preventing users from successfully authenticating. Users who were authenticated prior to an attack are not impacted.

Recommendations For Cisco Unified Communications Manager IM and Presence Service, consider temporarily disabling the XMPP authentication service until a patch is available. For Cisco TelePresence Video Communication Server, restrict access to the authentication module to minimize the risk of exploitation. For Cisco Expressway Series, avoid using the XMPP protocol in the affected authentication endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.