Published: 22/01/2014 Updated: 29/08/2017
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
VMScore: 632
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Summary

The SIP module in Cisco TelePresence Video Communication Server (VCS) prior to 8.1 allows remote malicious users to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue97632.

Affected Products

Vendor Product Versions
CiscoTelepresence Video Communication Server SoftwareX6.0, X6.1, X7.1, X7.2, X7.2.1, X7.2.2
CiscoTelepresence Video Communication Servers SoftwareX7.0, X7.0.1, X7.0.2, X7.0.3

Vendor Advisories

Cisco TelePresence Video Communication Server (VCS) contains a vulnerability that could allow an unauthenticated, remote attacker to trigger the failure of several critical processes which may cause active call to be dropped and prevent users from making new calls until the affected system is reloaded Cisco has released software updates that addr ...