Lucene search

K
ciscoCiscoCISCO-SA-20180815-UCMIMPS-DOS
HistoryAug 15, 2018 - 4:00 p.m.

Cisco Unified Communications Manager IM & Presence Service Denial of Service Vulnerability

2018-08-1516:00:00
tools.cisco.com
29

EPSS

0.005

Percentile

76.3%

A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition.

The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious IPv4 or IPv6 packet to an affected device on TCP port 7400. An exploit could allow the attacker to overread a buffer, resulting in a crash and restart of the XCP Router service.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-ucmimps-dos [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-ucmimps-dos”]

Affected configurations

Vulners
Node
ciscounified_communications_manager_im_and_presence_serviceMatchany
OR
ciscotelepresence_video_communication_serverMatchanyexpressway
OR
ciscounified_communications_manager_im_and_presence_serviceMatchany
OR
ciscotelepresence_video_communication_serverMatchanyexpressway
VendorProductVersionCPE
ciscounified_communications_manager_im_and_presence_serviceanycpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:any:*:*:*:*:*:*:*
ciscotelepresence_video_communication_serveranycpe:2.3:a:cisco:telepresence_video_communication_server:any:*:*:*:expressway:*:*:*

EPSS

0.005

Percentile

76.3%

Related for CISCO-SA-20180815-UCMIMPS-DOS