CVE-2019-1676 MEDIUM

CVE-2019-1676: Cisco Meeting Server SIP Processing Denial of Service Vulnerability

Vendor Cisco
Product Cisco Meeting Server
Weakness CWE-20 · Input validation
Published February 8, 2019
Last update November 21, 2024

CVSS base score

6.8/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

What the vulnerability does

01Description

A vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Cisco Meeting Server. The vulnerability is due to insufficient validation of Session Description Protocol (SDP) messages. An attacker could exploit this vulnerability by sending a crafted SDP message to the CMS call bridge. An exploit could allow the attacker to cause the CMS to reload, causing a DoS condition for all connected clients. Versions prior to 2.3.9 are affected.

Key dates

02Disclosure timeline

February 8, 2019 CVE published
November 21, 2024 Record updated