Cisco Expressway Series and TelePresence Video Communication Server Denial of Service Vulnerability (CVE-2019-1721)

Published: 2019-06-12
Updated: 2019-06-18

Affected systems:
Cisco TelePresence Video Communication Server X8.8.3
Cisco TelePresence Video Communication Server X8.7.2
Cisco TelePresence Video Communication Server X8.5.2
Cisco TelePresence Video Communication Server X8.5.1
Cisco TelePresence Video Communication Server X8.2
Cisco TelePresence Video Communication Server X8.1.1
Cisco TelePresence Video Communication Server X8.1
Cisco TelePresence Video Communication Server X8
Cisco TelePresence Video Communication Server X7.2.3
Cisco TelePresence Video Communication Server X7.2.2
Cisco TelePresence Video Communication Server X7.2.1
Cisco TelePresence Video Communication Server X7.2
Cisco TelePresence Video Communication Server X7.1
Cisco TelePresence Video Communication Server X7.0.3
Cisco TelePresence Video Communication Server X7.0.1
Cisco TelePresence Video Communication Server X7.0
Cisco TelePresence Video Communication Server X6.0.2
Cisco Expressway X8.8.3
Cisco Expressway X8.1.1
Cisco Expressway X8.1
Cisco Expressway 8.8
Unaffected systems:
Cisco TelePresence Video Communication Server X12.5.1
Cisco Expressway X12.5.1
Description:
BUGTRAQ  ID: 108016
CVE(CAN) ID: CVE-2019-1721

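Cisco Expressway is a powerful gateway solution designed for the comprehensive collaboration services provided through Cisco Unified.
Cisco TelePresence Video Communication Server (VCS) provides a range of flexible and scalable video conferencing applications that help organizations improve employee productivity while strengthening communication with partners and customers.
A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to drive CPU utilization to 100%, resulting in a denial of service (DoS) condition on the affected system. The vulnerability is due to improper handling of XML input. An attacker could exploit this vulnerability by sending a Session Initiation Protocol (SIP) message with a crafted XML payload to an affected device. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition.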

<*Source: Cisco
  
  Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-es-tvcs-dos
*>

Recommendation:
Vendor patch:

Cisco
-----
Cisco has released a security advisory (cisco-sa-20190417-es-tvcs-dos) and corresponding patches for this issue:
cisco-sa-20190417-es-tvcs-dos: Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability
Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-es-tvcs-dos

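This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.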