CVE-2021-40122
Cisco Meeting Server Call Bridge Denial of Service Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper handling of large series of message requests. An attacker could exploit this vulnerability by sending a series of messages to the vulnerable API. A successful exploit could allow the attacker to cause the affected device to reload, dropping all ongoing calls and resulting in a DoS condition.
Una vulnerabilidad en una API de la función Call Bridge de Cisco Meeting Server podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS). Esta vulnerabilidad es debido al manejo inapropiado de grandes series de peticiones de mensajes. Un atacante podría aprovechar esta vulnerabilidad mediante el envío de una serie de mensajes a la API vulnerable. Una explotación con éxito podría permitir al atacante causar la recarga del dispositivo afectado, dejando caer todas las llamadas en curso y resultando en una condición de DoS
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2021-08-25 CVE Reserved
- 2021-10-21 CVE Published
- 2024-07-05 EPSS Updated
- 2024-11-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
- CWE-404: Improper Resource Shutdown or Release
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cms-LAHe8z5v | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | <= 3.1 Search vendor "Cisco" for product "Meeting Server" and version " <= 3.1" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Meeting Server Search vendor "Cisco" for product "Meeting Server" | >= 3.2 < 3.2.3 Search vendor "Cisco" for product "Meeting Server" and version " >= 3.2 < 3.2.3" | - |
Affected
|