#VU17424 Input validation error in Cisco Meeting Server - CVE-2019-1676

 


Published: February 7, 2019


Vulnerability identifier: #VU17424
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-1676
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Cisco Meeting Server
Software vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) due to insufficient validation of Session Description Protocol (SDP) messages. A remote attacker can send a specially crafted SDP message to the CMS call bridge and cause the CMS to reload, resulting in a DoS condition for all connected clients.


Remediation

The vulnerability has been fixed in versions 2.3.9 and 2.2.14.
