cnvd - cnvd-2019-13284

cnvd-2019-13284

Vulnerability from cnvd

Title

Cisco Expressway Series和Cisco TelePresence Video Communication Server输入验证错误漏洞

Description

Cisco Expressway Series和Cisco TelePresence Video Communication Server（VCS）都是美国思科（Cisco）公司的产品。Cisco Expressway Series是一款用于统一通信的高级协作网关。Cisco TelePresence Video Communication Server是一款视频通信服务器。 Cisco Expressway Series和Cisco TelePresence VCS X12.5.1之前版本中的电话簿功能存在输入验证错误漏洞，该漏洞源于网络系统或产品未对输入的数据进行正确的验证。攻击可利用漏洞耗尽CPU资源，从而导致DOS情况。

Severity

中

Patch Name

Cisco Expressway Series和Cisco TelePresence Video Communication Server输入验证错误漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-es-tvcs-dos

Reference

https://web.nvd.nist.gov//vuln/detail/CVE-2019-1721

Impacted products

Name
['Cisco Expressway Series <X12.5.1', 'Cisco TelePresence Video Communication Server <<X12.5.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-1721",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1721"
    }
  },
  "description": "Cisco Expressway Series\u548cCisco TelePresence Video Communication Server\uff08VCS\uff09\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Expressway Series\u662f\u4e00\u6b3e\u7528\u4e8e\u7edf\u4e00\u901a\u4fe1\u7684\u9ad8\u7ea7\u534f\u4f5c\u7f51\u5173\u3002Cisco TelePresence Video Communication Server\u662f\u4e00\u6b3e\u89c6\u9891\u901a\u4fe1\u670d\u52a1\u5668\u3002\n\nCisco Expressway Series\u548cCisco TelePresence VCS X12.5.1\u4e4b\u524d\u7248\u672c\u4e2d\u7684\u7535\u8bdd\u7c3f\u529f\u80fd\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u5bf9\u8f93\u5165\u7684\u6570\u636e\u8fdb\u884c\u6b63\u786e\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u53ef\u5229\u7528\u6f0f\u6d1e\u8017\u5c3dCPU\u8d44\u6e90\uff0c\u4ece\u800c\u5bfc\u81f4DOS\u60c5\u51b5\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-es-tvcs-dos",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-13284",
  "openTime": "2019-05-08",
  "patchDescription": "Cisco Expressway Series\u548cCisco TelePresence Video Communication Server\uff08VCS\uff09\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Expressway Series\u662f\u4e00\u6b3e\u7528\u4e8e\u7edf\u4e00\u901a\u4fe1\u7684\u9ad8\u7ea7\u534f\u4f5c\u7f51\u5173\u3002Cisco TelePresence Video Communication Server\u662f\u4e00\u6b3e\u89c6\u9891\u901a\u4fe1\u670d\u52a1\u5668\u3002\r\n\r\nCisco Expressway Series\u548cCisco TelePresence VCS X12.5.1\u4e4b\u524d\u7248\u672c\u4e2d\u7684\u7535\u8bdd\u7c3f\u529f\u80fd\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u5bf9\u8f93\u5165\u7684\u6570\u636e\u8fdb\u884c\u6b63\u786e\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u53ef\u5229\u7528\u6f0f\u6d1e\u8017\u5c3dCPU\u8d44\u6e90\uff0c\u4ece\u800c\u5bfc\u81f4DOS\u60c5\u51b5\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Expressway Series\u548cCisco TelePresence Video Communication Server\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Expressway Series \u003cX12.5.1",
      "Cisco TelePresence Video Communication Server \u003c\u003cX12.5.1"
    ]
  },
  "referenceLink": "https://web.nvd.nist.gov//vuln/detail/CVE-2019-1721",
  "serverity": "\u4e2d",
  "submitTime": "2019-04-17",
  "title": "Cisco Expressway Series\u548cCisco TelePresence Video Communication Server\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2019-1721 (GCVE-0-2019-1721)

Vulnerability from cvelistv5

Published

2019-04-18 00:20

Modified

2024-11-21 19:39

Severity ?

7.7 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-20

Summary

A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a Session Initiation Protocol (SIP) message with a crafted XML payload to an affected device. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition. Manual intervention may be required to recover the device. This vulnerability is fixed in Cisco Expressway Series and Cisco TelePresence Video Communication Server Releases X12.5.1 and later.

References

URL

Tags

	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-es-tvcs-dos	vendor-advisory, x_refsource_CISCO
	http://www.securityfocus.com/bid/108016	vdb-entry, x_refsource_BID