Guest

Preview Tool

Cisco Bug: CSCus99263 - Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability

Last Modified

Aug 14, 2017

Products (1)

  • Cisco TelePresence Video Communication Server (VCS)

Known Affected Releases

X7.2.1

Description (partial)

Symptoms:
A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could
allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition.

The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted
H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could allow the attacker to overflow a buffer in a cache
that belongs to the received packet parser, which will result in a crash of the application, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-expressway

Conditions:
Please refer to the Security Advisory.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.