Denial of Service in Cisco Expressway Series and TelePresence Software
CVE-2017-12287
4.3MEDIUM
Key Information:
- Vendor
Cisco
- Vendor
- CVE Published:
- 19 October 2017
What is CVE-2017-12287?
A vulnerability in the cluster database management component of Cisco Expressway Series Software and Cisco TelePresence VCS Software allows an authenticated remote attacker to exploit incomplete input validation of URL requests via the REST API. By sending a specially crafted URL, an attacker could trigger unexpected restarts of the CDB process on affected systems, leading to temporary service disruptions. For more details, please refer to Cisco's security advisory and related Bug IDs.
Affected Version(s)
Cisco Expressway Series and Cisco TelePresence Video Communication Server Cisco Expressway Series and Cisco TelePresence Video Communication Server