Cisco Digital Content Manager Message Processing Denial of Service Vulnerability

A vulnerability in Cisco Digital Content Manager (DCM) could allow an unauthenticated, remote attacker to crash the system mainboard.

The vulnerability is due to the DCM receiving malformed ad messages from the ad server, which could trigger a system reboot. An attacker could exploit this vulnerability by sending malicious ad messages to the DCM. A successful exploit could cause the system to reboot, resulting in a denial of service (DoS) condition.

Cisco has confirmed the vulnerability and released software updates.

To exploit this vulnerability, the attacker must obtain information about the operating environment and the system must be configured in a way rarely seen in practice. The attacker may use social engineering techniques to attempt to obtain information about the operating environment in which the targeted system resides.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.