Skip to main content

Meeting Server CVE-2020-3160

MEDIUM
Improper Input Validation (CWE-20)
2020-02-19 psirt@cisco.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
CVE Published
Feb 19, 2020 - 20:15 nvd
MEDIUM 5.3

DescriptionNVD

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for users of XMPP conferencing applications. Other applications and processes are unaffected. The vulnerability is due to improper input validation of XMPP packets. An attacker could exploit this vulnerability by sending crafted XMPP packets to an affected device. An exploit could allow the attacker to cause process crashes and a DoS condition for XMPP conferencing applications.

AnalysisAI

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service (DoS). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for users of XMPP conferencing applications. Other applications and processes are unaffected. The vulnerability is due to improper input validation of XMPP packets. An attacker could exploit this vulnerability by sending crafted XMPP packets to an affected device. An exploit could allow the attacker to cause process crashes and a DoS condition for XMPP conferencing applications. Affected products include: Cisco Meeting Server.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2016-6448 CRITICAL
9.8 Nov 03

A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated,

CVE-2016-6447 CRITICAL
9.8 Nov 03

A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbit

CVE-2017-12249 CRITICAL
9.1 Sep 13

A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an a

CVE-2016-6445 CRITICAL
9.1 Oct 27

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) befor

CVE-2016-6444 HIGH
8.8 Oct 27

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request

CVE-2018-0439 HIGH
8.8 Oct 05

A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote att

CVE-2017-3837 HIGH
8.1 Feb 22

An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Co

CVE-2018-0262 HIGH
8.1 May 02

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to c

CVE-2017-6763 HIGH
7.5 Aug 07

A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthent

CVE-2017-3830 HIGH
7.5 Feb 22

A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to

CVE-2016-6446 HIGH
7.5 Oct 27

A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memor

CVE-2021-40122 HIGH
7.5 Oct 21

A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote atta

Share

CVE-2020-3160 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy