Skip to main content

Meeting Server CVE-2019-1678

MEDIUM
Improper Input Validation (CWE-20)
2019-02-07 psirt@cisco.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
CVE Published
Feb 07, 2019 - 20:29 nvd
MEDIUM 4.3

DescriptionNVD

A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service (DoS) to Cisco Meetings application users who are paired with a Session Initiation Protocol (SIP) endpoint. The vulnerability is due to improper validation of coSpaces configuration parameters. An attacker could exploit this vulnerability by inserting crafted strings in specific coSpace parameters. An exploit could allow the attacker to prevent clients from joining a conference call in the affected coSpace. Versions prior to 2.4.3 are affected.

AnalysisAI

A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service (DoS) to Cisco Meetings application users who are paired with a Session. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service (DoS) to Cisco Meetings application users who are paired with a Session Initiation Protocol (SIP) endpoint. The vulnerability is due to improper validation of coSpaces configuration parameters. An attacker could exploit this vulnerability by inserting crafted strings in specific coSpace parameters. An exploit could allow the attacker to prevent clients from joining a conference call in the affected coSpace. Versions prior to 2.4.3 are affected. Affected products include: Cisco Meeting Server. Version information: prior to 2.4.3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2016-6448 CRITICAL
9.8 Nov 03

A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated,

CVE-2016-6447 CRITICAL
9.8 Nov 03

A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbit

CVE-2017-12249 CRITICAL
9.1 Sep 13

A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an a

CVE-2016-6445 CRITICAL
9.1 Oct 27

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) befor

CVE-2016-6444 HIGH
8.8 Oct 27

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request

CVE-2018-0439 HIGH
8.8 Oct 05

A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote att

CVE-2017-3837 HIGH
8.1 Feb 22

An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Co

CVE-2018-0262 HIGH
8.1 May 02

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to c

CVE-2017-6763 HIGH
7.5 Aug 07

A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthent

CVE-2017-3830 HIGH
7.5 Feb 22

A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to

CVE-2016-6446 HIGH
7.5 Oct 27

A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memor

CVE-2021-40122 HIGH
7.5 Oct 21

A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote atta

Share

CVE-2019-1678 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy