Denial of Service Vulnerability in Cisco TelePresence Video Communication Server
CVE-2016-1338

6.5MEDIUM

Key Information:

Vendor: Cisco
Status: Telepresence Video Communication Server Software
Vendor: CVE Published:; 12 March 2016

What is CVE-2016-1338?

A vulnerability exists in the Cisco TelePresence Video Communication Server (VCS) versions X8.5.1 and X8.5.2, which could allow remote authenticated users to create a denial of service scenario. This is achieved by sending a specially crafted Session Initiation Protocol (SIP) message that disrupts VoIP communications, leading to potential service outages. Administrators should take immediate action to update their systems to mitigate the risks associated with this vulnerability.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 12, 2016
Vulnerability Reserved
Jan 4, 2016