Input validation error in Cisco Meeting Server - CVE-2019-1676

 


Published: February 7, 2019


Vulnerability identifier: #VU17424
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-1676
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Meeting Server

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) due to insufficient validation of Session Description Protocol (SDP) messages. A remote attacker can send a specially crafted SDP message to the CMS call bridge and force the CMS to reload, resulting in a DoS condition for all connected clients.


How to mitigate CVE-2019-1676

The vulnerability has been fixed in versions 2.3.9 and 2.2.14.
