PT-2020-1759 · Cisco · Cisco Unified Contact Center Enterprise

Published: 2020-02-19 · Updated: 2020-02-24 · CVE-2020-3163

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Unified Contact Center Enterprise (affected versions not specified)

Description

A vulnerability in the Live Data server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The issue exists because the affected software improperly manages resources when processing inbound Live Data traffic. An attacker could exploit this by sending multiple crafted Live Data packets to an affected device, potentially causing the device to run out of buffer resources, leading to a stack overflow and resulting in a DoS condition. The Live Data port allows only a single TCP connection, so an attacker would have to send crafted packets before a legitimate Live Data client establishes a connection.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Race Condition

Weakness Enumeration

Related Identifiers

BDU:2020-00999
CVE-2020-3163

Affected Products

Cisco Unified Contact Center Enterprise