CVE-2019-1676

CWE-20Improper Input Validation4 documents4 sources
Severity
7.5HIGH
EPSS
0.7%
top 27.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Meeting ServerCisco Meeting Server
Timeline
PublishedFeb 8
Latest updateMay 13

Description

A vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Cisco Meeting Server. The vulnerability is due to insufficient validation of Session Description Protocol (SDP) messages. An attacker could exploit this vulnerability by sending a crafted SDP message to the CMS call bridge. An exploit could allow the attacker to cause the CMS to reload,

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.2 | Impact: 4.0

Affected Packages2 packages

NVDcisco/meeting_server2.3.02.3.9
CVEListV5cisco/cisco_meeting_serverunspecified2.3.9

🔴Vulnerability Details

2
GHSA
GHSA-hpfq-w7vm-jxqp: A vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) software could allow an unauthenticated, remote2022-05-13
CVEList
Cisco Meeting Server SIP Processing Denial of Service Vulnerability2019-02-08

📋Vendor Advisories

1
Cisco
Cisco Meeting Server SIP Processing Denial of Service Vulnerability2019-02-06
CVE-2019-1676 (HIGH CVSS 7.5) | A vulnerability in the Session Init | cvebase.io