Cisco Prime Central for Hosted Collaboration Solution Denial of Service Vulnerability

A vulnerability in the Impact server Java process of Cisco Prime Central for Hosted Collaboration Solution (HCS) could allow an unauthenticated, remote attacker to crash the Impact server Java process.

The vulnerability is due to the Impact server Java process consuming available resources. An attacker could exploit this vulnerability by sending a TCP flood to the Impact server. An exploit could allow an attacker to crash the Java process, which requires a system restart to recover.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit this vulnerability, an attacker must have the ability to send a TCP flood to a targeted device which may reside on trusted, internal networks in which the attacker would likely need access to. This access requirement decreases the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.