Main Vulnerability Database SB2017101913

SB2017101913 - Denial of service in Cisco Expressway Series and Cisco TelePresence Video Communication Server

Published: October 19, 2017 Updated: May 23, 2018

Security Bulletin ID SB2017101913

CSH Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Partial DoS

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper input validation (CVE-ID: CVE-2017-12287)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote authenticated attacker to cause DoS conditions.

The weakness exists in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software due to incomplete input validation of URL requests by the REST API. A remote attacker can send a specially crafted URL to the REST API and cause the CDB process on an affected system to restart.

Successful exploitation of the vulnerability may result in denial of service.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-expressway-t...