CVE Vulnerability

CVE-2019-1676

A vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Cisco Meeting Server. The vulnerability is due to insufficient validation of Session Description Protocol (SDP) messages. An attacker could exploit this vulnerability by sending a crafted SDP message to the CMS call bridge. An exploit could allow the attacker to cause the CMS to reload, causing a DoS condition for all connected clients. Versions prior to 2.3.9 are affected.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-meeting-sipdos Vendor Advisory
http://www.securityfocus.com/bid/106909 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:cisco:meeting_server:*:*:*:*:*:*:*:*
Information

Published : 2019-02-08 06:29

Updated : 2019-10-09 11:47

NVD link : CVE-2019-1676

Mitre link : CVE-2019-1676

Products Affected
No products.
CWE
CWE-20