You are here
Home > Preporuke > Ranjivost u Cisco Meeting Server Media Services

Ranjivost u Cisco Meeting Server Media Services

by Petar Bertok - 0

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Meeting Server Media Services Denial of Service Vulnerability

Advisory ID: cisco-sa-20180516-msms

Revision: 1.0

For Public Release: 2018 May 16 16:00 GMT

Last Updated: 2018 May 16 16:00 GMT

CVE ID(s): CVE-2018-0280

CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+———————————————————————

Summary

=======

A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to insufficient input validation of incoming RTP bitstreams. An attacker could exploit this vulnerability by sending a crafted RTP bitstream to an affected Cisco Meeting Server. A successful exploit could allow the attacker to deny audio and video services by causing media process crashes resulting in a DoS condition on the affected product.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-msms [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-msms”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJa/FiOXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczfsQP+wRLRJh47fkL3lcupk+6+qs9wkZa
0HC8ujMPD9/ekdZMhiYlsgccsP5/92AH+jHGfOcW7+/BAxD4RgAMKowpm8vGyOe2
iCsv+4jiUcNlZwHwl+VidzGsJFun1qPs2nKn07I4uQCHgTV0qzSLCx3SS2z1SrXM
DproAWoBPusWoNPWglbKAJCZ/F00qQaA+6+G9MfOldI1yz9kp5msVurrGS2rWfjb
lkRkjwQPxTBvsSwUAphV7O8ab6pAOnkC2tnCFH9Dve73ZNFAU7BP3zTOhvxpaRne
bbba9tuHn3QnusIoMWEIVSXMzZSATOn7o3zY9ayYKlX+ylzSDoXCMhjNK5zXBkHv
utSmlHVXY5cQgLlrZAjMEGX9MZqZTij0CSoAemD3kfNiei+PUajN/FHGyRYYPBBq
kQanbeq43DPz6h1r//8nqBS2QUE7tdw9CVXLXtbQSK9oH2ZhuRyOn6f31BwFR8Oc
R0785h4voOJvMiQ8xW4qJvnAwkybYJNQVtcC5zaMRBparBwxtduSzaFSvqyGsiZa
PGuE0VYPmodhRXTxIzejkxgbLh4UlAya5CPJuhnsuvdtZRZLr8x0ztEltLTkqayi
voIybSy0oZnjcjP0ZvmXVizML0M7/FG6CFXzE872e2rXiw1IPom3xu2GMrar3Rig
ioAVZM9NNMDC2u/c
=Bqsq
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

Petar Bertok
Top
More in Preporuke
Ranjivost u Cisco Enterprise NFV Infrastructure Software programskom paketu

Otkrivena je ranjivost u scp protokolu za Cisco Enterprise NFVIS programski paket. Ranjivost je uzrokovana nepravilnom provjerom valjanosti naredbenih argumenata,...

Close