==================================================================== CERT-Renater Note d'Information No. 2018/VULN189 _____________________________________________________________________ DATE : 17/05/2018 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Cisco Meeting Server Software versions 2.0, 2.1, 2.2, 2.3. ===================================================================== https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-msms _____________________________________________________________________ Cisco Security Advisory: Cisco Meeting Server Media Services Denial of Service Vulnerability Advisory ID: cisco-sa-20180516-msms Revision: 1.0 For Public Release: 2018 May 16 16:00 GMT Last Updated: 2018 May 16 16:00 GMT CVE ID(s): CVE-2018-0280 CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H +--------------------------------------------------------------------- Summary ======= A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of incoming RTP bitstreams. An attacker could exploit this vulnerability by sending a crafted RTP bitstream to an affected Cisco Meeting Server. A successful exploit could allow the attacker to deny audio and video services by causing media process crashes resulting in a DoS condition on the affected product. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-msms ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-msms"] ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================