====================================================================

                             CERT-Renater

                 Note d'Information No. 2019/VULN104

_____________________________________________________________________

DATE                : 18/04/2019

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Cisco Expressway Series software,
                 Cisco TelePresence Video Communication Server software.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-es-tvcs-dos
_____________________________________________________________________

Cisco Security Advisory: Cisco Expressway Series and Cisco TelePresence
Video Communication Server Denial of Service Vulnerability

Advisory ID: cisco-sa-20190417-es-tvcs-dos

Revision: 1.0

For Public Release: 2019 April 17 16:00 GMT

Last Updated: 2019 April 17 16:00 GMT

CVE ID(s): CVE-2019-1721

CVSS Score v(3): 7.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary

=======

A vulnerability in the phone book feature of Cisco Expressway Series and
Cisco TelePresence Video Communication Server (VCS) could allow an
authenticated, remote attacker to cause the CPU to increase to 100%
utilization, causing a denial of service (DoS) condition on an affected
system.

The vulnerability is due to improper handling of the XML input. An
attacker could exploit this vulnerability by sending a Session
Initiation Protocol (SIP) message with a crafted XML payload to an
affected device. A successful exploit could allow the attacker to
exhaust CPU resources, resulting in a DoS condition. Manual intervention
may be required to recover the device.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability. Mitigation
options that address this vulnerability are available.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-es-tvcs-dos
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-es-tvcs-dos"]


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================