Cisco TelePresence Video Communication Server Session Denial of Service Vulnerabilities

Bugtraq ID:	52214
Class:	Design Error
CVE:	CVE-2012-0330 CVE-2012-0331
Remote:	Yes
Local:	No
Published:	Feb 29 2012 12:00AM
Updated:	Feb 29 2012 12:00AM
Credit:	Cisco
Vulnerable:	Cisco TelePresence Video Communication Server (VCS) X7.0
Not Vulnerable:	Cisco TelePresence Video Communication Server (VCS) X7.0.1

Cisco TelePresence Video Communication Server Session Denial of Service Vulnerabilities

Cisco TelePresence Video Communication Server is prone to multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to cause the device to crash, denying service to legitimate users.

The issues are documented by Cisco Bug IDs CSCtr20426 and CSCtq73319.

Cisco TelePresence Video Communication Server versions prior to X7.0.1 are vulnerable.

Cisco TelePresence Video Communication Server Session Denial of Service Vulnerabilities

To exploit this issue, attackers can use readily available network utilities.

Cisco TelePresence Video Communication Server Session Denial of Service Vulnerabilities

Solution:
The vendor has released updates. Please see the referenced advisory for details.

Cisco TelePresence Video Communication Server Session Denial of Service Vulnerabilities

References:

• Cisco TelePresence Video Communication Server (VCS) (Cisco)
  
• Cisco TelePresence Video Communication Server Session Initiation Protocol Denial (Cisco)