First published: Wed Aug 15 2018
A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious IPv4 or IPv6 packet to an affected device on TCP port 7400. An exploit could allow the attacker to overread a buffer, resulting in a crash and restart of the XCP Router service. Cisco Bug IDs: CSCvg97663, CSCvi55947.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco TelePresence Video Communication Server | =x7.0.1 | |
Cisco TelePresence Video Communication Server | =x7.2.4 | |
Cisco TelePresence Video Communication Server | =x8.1 | |
Cisco TelePresence Video Communication Server | =x8.2.2 | |
Cisco TelePresence Video Communication Server | =x8.5 | |
Cisco TelePresence Video Communication Server | =x8.6 | |
Cisco TelePresence Video Communication Server | =x8.7 | |
Cisco TelePresence Video Communication Server | =x8.8 | |
Cisco TelePresence Video Communication Server | =x8.9 | |
Cisco TelePresence Video Communication Server | =x8.10 | |
Cisco TelePresence Video Communication Server | =x8.10.4 | |
Cisco Unified Communications Manager IM and Presence Service | =11.5 | |
Cisco Unified Communications Manager IM and Presence Service | =11.5(1) | |
CVE-2018-0409 is a vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway.
CVE-2018-0409 affects Cisco TelePresence Video Communication Server running versions x7.0.1, x7.2.4, x8.1, x8.2.2, x8.5, x8.6, x8.7, x8.8, x8.9, x8.10, and x8.10.4.
CVE-2018-0409 affects Cisco Unified Communications Manager IM & Presence Service running versions 11.5 and 11.5(1).
CVE-2018-0409 has a severity value of 7.5 (high).
To fix CVE-2018-0409, it is recommended to apply the necessary patches and updates provided by Cisco.