CVE-2018-0409: Input Validation
First published: Wed Aug 15 2018(Updated: )
A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious IPv4 or IPv6 packet to an affected device on TCP port 7400. An exploit could allow the attacker to overread a buffer, resulting in a crash and restart of the XCP Router service. Cisco Bug IDs: CSCvg97663, CSCvi55947.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco TelePresence Video Communication Server | =x7.0.1 | |
| Cisco TelePresence Video Communication Server | =x7.2.4 | |
| Cisco TelePresence Video Communication Server | =x8.1 | |
| Cisco TelePresence Video Communication Server | =x8.2.2 | |
| Cisco TelePresence Video Communication Server | =x8.5 | |
| Cisco TelePresence Video Communication Server | =x8.6 | |
| Cisco TelePresence Video Communication Server | =x8.7 | |
| Cisco TelePresence Video Communication Server | =x8.8 | |
| Cisco TelePresence Video Communication Server | =x8.9 | |
| Cisco TelePresence Video Communication Server | =x8.10 | |
| Cisco TelePresence Video Communication Server | =x8.10.4 | |
| Cisco Unified Communications Manager IM and Presence Service | =11.5 | |
| Cisco Unified Communications Manager IM and Presence Service | =11.5\(1\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-0409?
CVE-2018-0409 is a vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway.
How does CVE-2018-0409 affect Cisco TelePresence Video Communication Server?
CVE-2018-0409 affects Cisco TelePresence Video Communication Server running versions x7.0.1, x7.2.4, x8.1, x8.2.2, x8.5, x8.6, x8.7, x8.8, x8.9, x8.10, and x8.10.4.
How does CVE-2018-0409 affect Cisco Unified Communications Manager IM & Presence Service?
CVE-2018-0409 affects Cisco Unified Communications Manager IM & Presence Service running version 11.5 and 11.5(1).
What is the severity of CVE-2018-0409?
CVE-2018-0409 has a severity value of 7.5 (high).
How can I fix CVE-2018-0409?
To fix CVE-2018-0409, it is recommended to apply the necessary patches and updates provided by Cisco.
- collector/nvd-index
- vendor/cisco
- canonical/cisco telepresence video communication server
- version/cisco telepresence video communication server/x7.0.1
- version/cisco telepresence video communication server/x7.2.4
- version/cisco telepresence video communication server/x8.1
- version/cisco telepresence video communication server/x8.2.2
- version/cisco telepresence video communication server/x8.5
- version/cisco telepresence video communication server/x8.6
- version/cisco telepresence video communication server/x8.7
- version/cisco telepresence video communication server/x8.8
- version/cisco telepresence video communication server/x8.9
- version/cisco telepresence video communication server/x8.10
- version/cisco telepresence video communication server/x8.10.4
- canonical/cisco unified communications manager im and presence service
- version/cisco unified communications manager im and presence service/11.5
- version/cisco unified communications manager im and presence service/11.5\(1\)