
Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability

Advisory ID: cisco-sa-20190417-es-tvcs-dos · Severity: High

A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a Session Initiation Protocol (SIP) message with a crafted XML payload to an affected device. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition. Manual intervention may be required to recover the device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Mitigation options that address this vulnerability are available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-es-tvcs-dos


Workarounds

There are no workarounds that address this vulnerability; however, there are mitigation options.
Option 1
Disable SIP if not required: Disabling SIP will completely close the attack vector for this vulnerability. However, it may not be suitable for all customers because it is a required feature in many environments.

To disable SIP from the web admin UI, navigate to Configuration > Protocols > SIP, and under the Configuration section, set SIP mode to Off and click Save.
Option 2
Disable Provisioning services if not required: Disabling Provisioning services will completely close the attack vector for this vulnerability. However, it may not be suitable for all customers because it is a required feature in many environments.

To disable Provisioning services from the web admin UI, the steps depend on the software version in use:

For releases X8.11 and later, navigate to System > Administration settings, and under the Services section, set Provisioning services to Off and click Save.
For releases prior to X8.11, disable the Phone Book server by removing all Provisioning (P) or Starter Pack (S) option keys.

CVEs: CVE-2019-1721
Cisco Bug IDs: CSCvn99037
CVSS Score: Base 7.7 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X)
Product Names From Source: Cisco TelePresence Video Communication Server (VCS), Cisco Expressway

Related Products

Product                                                | CVE           | Evidence
Cisco TelePresence Video Communication Server (VCS)   | CVE-2019-1721 | Cisco OpenVuln
Cisco TelePresence                                     | CVE-2019-1721 | Cisco OpenVuln
Cisco Expressway                                       | CVE-2019-1721 | Cisco OpenVuln