A vulnerability in the Connection Manager component of Cisco Jabber Extensible Communications Platform (Jabber XCP) could allow an unauthenticated, remote attacker to crash the login connection manager service.
The vulnerability is due to insufficient checking of received login data. An attacker could exploit this vulnerability by sending a corrupted stream of login packets.
Cisco has confirmed the vulnerability in a security notice and software updates are available.
To exploit the vulnerability, an attacker may need access to trusted, internal networks to send a series of corrupted login packets to the targeted system. This access requirement may reduce the likelihood of a successful attack.
Customers are advised to review the bug report in the vendor announcements section for a current list of affected versions.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.