What is CVE-2023-20255?

CVE-2023-20255 is a vulnerability in the Web Bridge feature of Cisco Meeting Server that allows an unauthenticated attacker to cause a DoS condition.

How does CVE-2023-20255 affect Cisco Meeting Server?

CVE-2023-20255 affects Cisco Meeting Server versions up to and excluding 3.6.1.

What is the severity of CVE-2023-20255?

CVE-2023-20255 has a severity level of medium with a CVSS score of 5.3.

How can an attacker exploit CVE-2023-20255?

An attacker can exploit CVE-2023-20255 by sending crafted HTTP requests to the API of the Web Bridge feature.

Is there a fix or patch available for CVE-2023-20255?

Cisco has released a security advisory with mitigation details for CVE-2023-20255, which can be found at the following URL: [link](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cms-segfault-G6ES4Ve8)

Vulnerability/
CVE-2023-20255

medium

5.3

CWE

1/11/2023

2/8/2024

CVE-2023-20255: Input Validation

First published: Wed Nov 01 2023(Updated: )

A vulnerability in an API of the Web Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause a partial availability condition, which could cause ongoing video calls to be dropped due to the invalid packets reaching the Web Bridge.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Meeting Server	<3.6.1

Never miss a vulnerability like this again

Reference Links

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cms-segfault-G6ES4Ve8

Frequently Asked Questions

What is CVE-2023-20255?
CVE-2023-20255 is a vulnerability in the Web Bridge feature of Cisco Meeting Server that allows an unauthenticated attacker to cause a DoS condition.
How does CVE-2023-20255 affect Cisco Meeting Server?
CVE-2023-20255 affects Cisco Meeting Server versions up to and excluding 3.6.1.
What is the severity of CVE-2023-20255?
CVE-2023-20255 has a severity level of medium with a CVSS score of 5.3.
How can an attacker exploit CVE-2023-20255?
An attacker can exploit CVE-2023-20255 by sending crafted HTTP requests to the API of the Web Bridge feature.
Is there a fix or patch available for CVE-2023-20255?
Cisco has released a security advisory with mitigation details for CVE-2023-20255, which can be found at the following URL: [link](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cms-segfault-G6ES4Ve8)

agent/type
agent/severity
agent/author
agent/references
agent/weakness
agent/softwarecombine
agent/description
agent/first-publish-date
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
vendor/cisco
canonical/cisco meeting server

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.