First published: Thu Apr 18 2019
A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a specifically crafted XML payload. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition until the system is manually rebooted. Software versions prior to X12.5.1 are affected.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco TelePresence Video Communication Server | <x12.5.1 | |
 | <x12.5.1 | |
CVE-2019-1720 is a vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) that allows an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system.
The severity of CVE-2019-1720 is medium with a CVSS score of 4.9.
CVE-2019-1720 affects Cisco TelePresence Video Communication Server by causing the CPU to increase to 100% utilization, resulting in a DoS condition.
Yes, Cisco has released a security advisory with mitigation details and software updates to address the vulnerability. Please refer to the Cisco Security Advisory for specific instructions.
You can find more information about CVE-2019-1720 in the SecurityFocus and Cisco Security Advisory links provided.