CVE-2019-1721 — Improper Input Validation in Cisco TelePresence Video Communication Server
Severity
6.5 MEDIUM (NVD)
EPSS
1.1%
top 21.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 18
Latest update: May 13
Description
A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a Session Initiation Protocol (SIP) message with a crafted XML payload to an affected device…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6
Affected Packages: 2 packages
Vulnerability Details (2)
GHSA
GHSA-7qgm-86vq-4g8p: A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authentica (2022-05-13)
CVEList
Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability (2019-04-18)