CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-1720

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1240%
EPSS Percentile31.39th
Published2019年4月18日
Last Modified2024年11月21日

Vulnerability Description

A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a specifically crafted XML payload. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition until the system is manually rebooted. Software versions prior to X12.5.1 are affected.

Affected Platforms (CPE)

📦
Cisco

Telepresence Video Communication Server

< x12.5.1

References & Advisories

🔗 http://www.securityfocus.com/bid/108002
🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ces-tvcs-dos
🔗 http://www.securityfocus.com/bid/108002
🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ces-tvcs-dos

関連する脆弱性情報

CVE-2015-065310.0

The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1...

CVE-2016-14688.8

The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated us...

CVE-2019-18458.6

A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&amp;P) Se...

CVE-2017-37908.6

A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) s...