SB2017021702 - Remote denial of service in Cisco Meeting Server

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017021702

SB2017021702 - Remote denial of service in Cisco Meeting Server

Published: February 17, 2017

Security Bulletin ID SB2017021702
Severity
Medium
Patch available
NO
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Improper input validation (CVE-ID: CVE-2017-3830)

The vulnerability allows a remote authenticated attacker to cause denial of service.

The vulnerability exists due to improper input validation when processing requests sent to port 2829/TCP in internal API of the Cisco Meeting Server (CMS). A remote unauthenticated attacker can send a specially crafted request to port 2829/TCP and cause denial of service.

Successful exploitation of the vulnerability may allow an attacker to perform denial of service (DoS) attack against vulnerable service.



Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References