CVE-2018-0280

CWE-20Improper Input Validation4 documents4 sources
Severity
7.5HIGH
EPSS
0.8%
top 26.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Meeting Server
Timeline
PublishedMay 17
Latest updateMay 13

Description

A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of incoming RTP bitstreams. An attacker could exploit this vulnerability by sending a crafted RTP bitstream to an affected Cisco Meeting Server. A successful exploit could allow the attacker to deny audio and video services by causing media

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco_meeting_server_media_servicesCisco Meeting Server Media Services
NVDcisco/meeting_server6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-xg5x-8687-g7x5: A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote atta2022-05-13
CVEList
CVE-2018-0280: A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote atta2018-05-17

📋Vendor Advisories

1
Cisco
Cisco Meeting Server Media Services Denial of Service Vulnerability2018-05-16
CVE-2018-0280 (HIGH CVSS 7.5) | A vulnerability in the Real-Time Tr | cvebase.io