A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious IPv4 or IPv6 packet to an affected device on TCP port 7400. An exploit could allow the attacker to overread a buffer, resulting in a crash and restart of the XCP Router service. Cisco Bug IDs: CSCvg97663, CSCvi55947.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
The product reads data past the end, or before the beginning, of the intended buffer.
| Link | Tags |
|---|---|
| http://www.securitytracker.com/id/1041534 | third party advisory vdb entry |
| http://www.securityfocus.com/bid/105104 | third party advisory vdb entry |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-ucmimps-dos | vendor advisory |
| http://www.securitytracker.com/id/1041533 | third party advisory vdb entry |
| http://www.securityfocus.com/bid/105102 | third party advisory vdb entry |