First published: Thu May 17 2018
A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of incoming RTP bitstreams. An attacker could exploit this vulnerability by sending a crafted RTP bitstream to an affected Cisco Meeting Server. A successful exploit could allow the attacker to deny audio and video services by causing media process crashes resulting in a DoS condition on the affected product. This vulnerability affects Cisco Meeting Server deployments that are running Cisco Meeting Server Software Releases 2.0, 2.1, 2.2, and 2.3. Cisco Bug IDs: CSCve79693, CSCvf91393, CSCvg64656, CSCvh30725, CSCvi86363.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Meeting Server | =2.0 | |
Cisco Meeting Server | =2.1 | |
Cisco Meeting Server | =2.2 | |
Cisco Meeting Server | =2.2.5 | |
Cisco Meeting Server | =2.2.8 | |
Cisco Meeting Server | =2.3 | |
CVE-2018-0280 is a vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
CVE-2018-0280 has a severity rating of 7.5 (high).
CVE-2018-0280 affects Cisco Meeting Server versions 2.0, 2.1, 2.2, 2.2.5, 2.2.8, and 2.3.
An attacker can exploit CVE-2018-0280 by sending specially crafted RTP bitstreams to the vulnerable Cisco Meeting Server, causing a denial of service condition.
Yes, Cisco has released security updates to address the vulnerability. It is recommended to update to a fixed software release as soon as possible.