Improper input validation in Cisco Meeting Server - CVE-2018-0371
Published: June 20, 2018 / Updated: June 21, 2018
Vulnerability identifier: #VU13406
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0371
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Meeting Server
Cisco Meeting Server
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The vulnerability exists in the Web Admin Interface of Cisco Meeting Server due to insufficient validation of incoming HTTP requests. A remote attacker can send a specially crafted HTTP request to the Web Admin Interface and cause the system to restart, terminating all ongoing calls.
How to mitigate CVE-2018-0371
The vulnerability is addressed in the versions 2.2.13, 2.3.4.