Main Vulnerability Database Vulnerabilities #VU13405

Resource exhaustion in Cisco TelePresence Video Communication Server - CVE-2018-0358

Published: June 20, 2018 / Updated: June 21, 2018

Vulnerability identifier: #VU13405

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-0358

CWE-ID: CWE-400

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco TelePresence Video Communication Server

Detailed vulnerability description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the file descriptor handling of Cisco TelePresence Video Communication Server due to exhaustion of file descriptors while processing a high volume of traffic. A remote attacker can establish a high number of concurrent TCP connections, trigger resource exhaustion and cause a restart in a specific process, resulting in a temporary interruption of service.

How to mitigate CVE-2018-0358

Install update from vendor's website.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-vcse-dos

Resource exhaustion in Cisco TelePresence Video Communication Server - CVE-2018-0358

Detailed vulnerability description

How to mitigate CVE-2018-0358

Sources

Please verify you're human