CVE-2019-1678
Cisco Meeting Server Denial of Service Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service (DoS) to Cisco Meetings application users who are paired with a Session Initiation Protocol (SIP) endpoint. The vulnerability is due to improper validation of coSpaces configuration parameters. An attacker could exploit this vulnerability by inserting crafted strings in specific coSpace parameters. An exploit could allow the attacker to prevent clients from joining a conference call in the affected coSpace. Versions prior to 2.4.3 are affected.
Una vulnerabilidad en Cisco Meeting Server podría permitir que un atacante remoto autenticado provoque una denegación de servicio parcial (DoS) en los usuarios de la aplicación Cisco Meetings que se emparejan con un endpoint SIP (Session Initiation Protocol). Esta vulnerabilidad se debe a una validación incorrecta de los parámetros de configuración de coSpaces. Un atacante podría explotar esta vulnerabilidad insertando cadenas manipuladas en parámetros coSpace específicos. Su explotación podría permitir al atacante evitar que los clientes se unan a una llamada en conferencia en el coSpace afectado. Las versiones anteriores a la 2.4.3 se han visto afectadas.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2018-12-06 CVE Reserved
- 2019-02-07 CVE Published
- 2023-07-08 EPSS Updated
- 2024-11-21 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/106943 | Broken Link |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-cms-dos | 2023-03-23 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | 2.3.6 Search vendor "Cisco" for product "Meeting Server" and version "2.3.6" | - |
Affected
|