CVE-2019-1676
MEDIUMCisco Meeting Server < 2.3.9 - Unauthenticated Denial of Service via SDP Message Processing
Title source: llmDescription
A vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Cisco Meeting Server. The vulnerability is due to insufficient validation of Session Description Protocol (SDP) messages. An attacker could exploit this vulnerability by sending a crafted SDP message to the CMS call bridge. An exploit could allow the attacker to cause the CMS to reload, causing a DoS condition for all connected clients. Versions prior to 2.3.9 are affected.
References (2)
Core 2
Core References
Third Party Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106909
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-meeting-sipdos
Scores
CVSS v3
6.8
EPSS
0.0182
EPSS Percentile
76.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (1)
cisco/meeting_server
2.3.0 - 2.3.9
Published
Feb 08, 2019
Tracked Since
Feb 18, 2026