CVE-2018-0409

2018-08-1520:00:00

CWE-20

cisco

www.cve.org

EPSS

0.005

Percentile

76.3%

JSON

A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious IPv4 or IPv6 packet to an affected device on TCP port 7400. An exploit could allow the attacker to overread a buffer, resulting in a crash and restart of the XCP Router service. Cisco Bug IDs: CSCvg97663, CSCvi55947.

CNA Affected

[
  {
    "product": "Unified Communications Manager IM & Presence Service (CUCM IM&P)",
    "vendor": "Cisco Systems, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  },
  {
    "product": "TelePresence Video Communication Server (VCS) and Expressway",
    "vendor": "Cisco Systems, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  }
]