Denial of Service Vulnerability in Cisco Expressway Series and TelePresence VCS Software
CVE-2017-3790
Key Information:
- Vendor: Cisco
- CVE Published: 1 February 2017
What is CVE-2017-3790?
A potential security vulnerability exists within the Cisco Expressway Series and Cisco TelePresence Video Communication Server software due to insufficient validation of user-supplied data. An unauthenticated remote attacker could exploit this flaw by sending specially crafted H.224 data via RTP packets during an H.323 call, leading to a crash of the application. This can cause a denial of service condition, necessitating a system reload. All affected versions prior to X8.8.2 need immediate upgrading to mitigate this risk, as no workarounds are available.
Affected Version(s)
Cisco Expressway Series Software and Cisco TelePresence VCS Software: all versions prior to version X8.8.2 are vulnerable.