First published: Wed Oct 20 2021
A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper handling of a large series of message requests. An attacker could exploit this vulnerability by sending a series of messages to the vulnerable API. A successful exploit could allow the attacker to cause the affected device to reload, dropping all ongoing calls and resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cms-LAHe8z5v
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Meeting Server |
The vulnerability ID of this Cisco Meeting Server vulnerability is cisco-sa-cms-LAHe8z5v.
The title of this vulnerability is Cisco Meeting Server Call Bridge Denial of Service Vulnerability.
The severity of the Cisco Meeting Server vulnerability with the ID cisco-sa-cms-LAHe8z5v is medium.
The Cisco Meeting Server vulnerability with the ID cisco-sa-cms-LAHe8z5v affects Cisco Meeting Server.
An unauthenticated attacker can exploit the Cisco Meeting Server vulnerability with the ID cisco-sa-cms-LAHe8z5v by sending a large series of message requests, causing a denial of service (DoS) condition.