Improper input validation in Cisco Telepresence_video_communication_server_software

CVE-2014-0662

The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue97632.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.015 (81.6th percentile) — read the EPSS interpretation.

Affected products

Cisco Telepresence_video_communication_server_software — versions x6.0, x6.1, x7.1
Cisco Telepresence_video_communication_servers_software — versions x7.0, x7.0.1, x7.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
65076 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
20140122 Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
102363 (x_refsource_OSVDB, vdb-entry, Broken Link)
1029655 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
56592 (Permissions Required, x_refsource_SECUNIA, third-party-advisory)
cisco-vcs-cve20140662-dos(90621) (vdb-entry, x_refsource_XF)