Cisco Meeting Server API Denial of Service Vulnerability

cisco-sa-20170215-cms · Medium · Published · Updated

A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. The vulnerability is due to invalid data being received on a specific port. An attacker could exploit this vulnerability by sending crafted packets to a specific port on the device. Successful exploitation could cause the CMS to crash. There are workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cms

Workarounds

There are workarounds that address this vulnerability. The firewall functionality of the CMS can be leveraged to block external access to port 2829.

CVEs: CVE-2017-3830
Cisco Bug IDs: CSCvc89678
CVSS Score: Base 6.5
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H/E:X/RL:X/RC:X
Product Names From Source: Cisco Meeting Server

Related Products

Product | CVE | Evidence
Cisco Meeting Server | CVE-2017-3830 | Cisco OpenVuln