CiscoCVELIST:CVE-2019-1720CVE-2019-1720 Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
45.1%
A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a specifically crafted XML payload. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition until the system is manually rebooted. Software versions prior to X12.5.1 are affected.
CNA Affected
[
{
"product": "Cisco TelePresence Video Communication Server (VCS) ",
"vendor": "Cisco",
"versions": [
{
"lessThan": "X12.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
45.1%