#VU9505 Denial of service in Cisco Meeting Server - CVE-2017-12362

Cybersecurity Help s.r.o.

Published: 2017-12-01

Vulnerability identifier: #VU9505

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-12362

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco Meeting Server
Client/Desktop applications / Multimedia software

Vendor: Cisco Systems, Inc

Description
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists due to video calls being made on systems with a particular configuration. A remote attacker with knowledge of a valid URI that directs to a Cisco Meeting Server can make a video call and cause the system to reload.

Mitigation
Update to version 2.2.

Vulnerable software versions

Cisco Meeting Server: 2.0 - 2.1.4

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-cms

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in Cisco Meeting Server