#VU7982 Denial of service in Cisco TelePresence Video Communication Server - CVE-2017-6790
Vulnerability identifier: #VU7982
Vulnerability risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Cisco TelePresence Video Communication Server
Server applications /
Other server solutions
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists n the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) due to excessive SIP traffic sent to the device. A remote attacker can transmit large volumes of SIP traffic to the VCS and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Cisco TelePresence Video Communication Server: All versions
External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
