Vulnerabilities > CVE-2019-1721 - Resource Management Errors vulnerability in Cisco Telepresence Video Communication Server

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

cisco

CWE-399

NVD

Published: 2019-04-18

Updated: 2019-10-09

Summary

A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a Session Initiation Protocol (SIP) message with a crafted XML payload to an affected device. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition. Manual intervention may be required to recover the device. This vulnerability is fixed in Cisco Expressway Series and Cisco TelePresence Video Communication Server Releases X12.5.1 and later.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Telepresence Video Communication Server - Cisco Telepresence Video Communication Server X5.2 Cisco Telepresence Video Communication Server X6.0 Cisco Telepresence Video Communication Server X6.1 Cisco Telepresence Video Communication Server X7.0.0 Cisco Telepresence Video Communication Server X7.0.1 Cisco Telepresence Video Communication Server X7.0.2 Cisco Telepresence Video Communication Server X7.0.3 Cisco Telepresence Video Communication Server X7.1 Cisco Telepresence Video Communication Server X7.2.0 Cisco Telepresence Video Communication Server X7.2.1 Cisco Telepresence Video Communication Server X7.2.2 Cisco Telepresence Video Communication Server X7.2.3 Cisco Telepresence Video Communication Server X7.2.4 Cisco Telepresence Video Communication Server X8.1 Cisco Telepresence Video Communication Server X8.1.1 Cisco Telepresence Video Communication Server X8.1.2 Cisco Telepresence Video Communication Server X8.1_Base Cisco Telepresence Video Communication Server X8.2 Cisco Telepresence Video Communication Server X8.2.1 Cisco Telepresence Video Communication Server X8.2.2 Cisco Telepresence Video Communication Server X8.2_Base Cisco Telepresence Video Communication Server X8.5 Cisco Telepresence Video Communication Server X8.5.0 Cisco Telepresence Video Communication Server X8.5.1 Cisco Telepresence Video Communication Server X8.5.2 Cisco Telepresence Video Communication Server X8.5.3 Cisco Telepresence Video Communication Server X8.6 Cisco Telepresence Video Communication Server X8.6.0 Cisco Telepresence Video Communication Server X8.6.1 Cisco Telepresence Video Communication Server X8.7 Cisco Telepresence Video Communication Server X8.7.1 Cisco Telepresence Video Communication Server X8.7.2 Cisco Telepresence Video Communication Server X8.7.3 Cisco Telepresence Video Communication Server X8.8 Cisco Telepresence Video Communication Server X8.8.1 Cisco Telepresence Video Communication Server X8.8.2 Cisco Telepresence Video Communication Server X8.8.3 Cisco Telepresence Video Communication Server X8.9 Cisco Telepresence Video Communication Server X8.9.1 Cisco Telepresence Video Communication Server X8.9.2 Cisco Telepresence Video Communication Server X8.10 Cisco Telepresence Video Communication Server X8.10.1 Cisco Telepresence Video Communication Server X8.10.2 Cisco Telepresence Video Communication Server X8.10.3 Cisco Telepresence Video Communication Server X8.10.4 Cisco Telepresence Video Communication Server X8.11.4 Cisco Telepresence Video Communication Server X12.5	50

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References