CVE-2019-1676
Summary
| CVE | CVE-2019-1676 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-02-08 18:29:00 UTC |
| Updated | 2019-10-09 23:47:00 UTC |
| Description | A vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Cisco Meeting Server. The vulnerability is due to insufficient validation of Session Description Protocol (SDP) messages. An attacker could exploit this vulnerability by sending a crafted SDP message to the CMS call bridge. An exploit could allow the attacker to cause the CMS to reload, causing a DoS condition for all connected clients. Versions prior to 2.3.9 are affected. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Meeting Server | All | All | All | All |
| Application | Cisco | Meeting Server | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Meeting Server SIP Processing Denial of Service Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| Cisco Meeting Server CVE-2019-1676 Denial of Service Vulnerability | BID | www.securityfocus.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.