Cisco Videoscape Session Resource Manager Denial of Service Vulnerability

A vulnerability in system resource management in the Cisco Videoscape Session Resource Manager (VSRM) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition because the device unexpectedly restarts.

The vulnerability occurs because the VSRM is not installed using best practices and in a secure environment where DoS attacks are prevented before reaching the adjacent network. An attacker could exploit this vulnerability only by being on the adjacent network and directing a flood of traffic at the devices upstream to the VSRM. An exploit could allow the attacker to cause a DoS condition. The VSRM resumes normal operation when the attack ceases on the upstream devices.

Cisco has not released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-vsrm[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-vsrm”]