CVE-2020-27121

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) Software (affected versions not specified)

Description A vulnerability in the software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition. The issue is due to improper handling of login requests. An attacker could exploit this by sending a crafted client login request to an affected device, potentially causing a process to crash and resulting in a DoS condition for new login attempts. Users who are authenticated at the time of the attack would not be affected.

Recommendations As a temporary workaround, consider implementing workarounds that address this vulnerability to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.