Vulnerabilities > CVE-2020-3596 - Always-Incorrect Control Flow Implementation vulnerability in Cisco products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

cisco

CWE-670

NVD

Published: 2020-10-08

Updated: 2023-11-07

Summary

A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of incoming SIP traffic. An attacker could exploit this vulnerability by sending a series of SIP packets to an affected device. A successful exploit could allow the attacker to exhaust memory on an affected device, causing it to crash and leading to a DoS condition.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Expressway - Cisco Expressway 14.0 Cisco Expressway 14.0.7 Cisco Expressway X8.1 Cisco Expressway X8.1.0 Cisco Expressway X8.1.1 Cisco Expressway X8.1.2 Cisco Expressway X8.2 Cisco Expressway X8.2.1 Cisco Expressway X8.2.2 Cisco Expressway X8.5 Cisco Expressway X8.5.0 Cisco Expressway X8.5.1 Cisco Expressway X8.5.2 Cisco Expressway X8.5.3 Cisco Expressway X8.6.0 Cisco Expressway X8.6.1 Cisco Expressway X8.7.0 Cisco Expressway X8.7.1 Cisco Expressway X8.7.2 Cisco Expressway X8.7.3 Cisco Expressway X8.8.0 Cisco Expressway X8.8.1 Cisco Expressway X8.8.2 Cisco Expressway X8.8.3 Cisco Expressway X8.9 Cisco Expressway X8.9.1 Cisco Expressway X8.9.2 Cisco Expressway X8.10 Cisco Expressway X8.10.1 Cisco Expressway X8.10.2 Cisco Expressway X8.10.3 Cisco Expressway X8.10.4 Cisco Expressway X8.11 Cisco Expressway X8.11.4 Cisco Expressway X12.5 Cisco Expressway X12.5.1 Cisco Expressway X12.5.2 Cisco Expressway X12.5.3 Cisco Expressway X12.6.3 Cisco Telepresence Video Communication Server - Cisco Telepresence Video Communication Server 14.0 Cisco Telepresence Video Communication Server 14.0.5 Cisco Telepresence Video Communication Server 14.0.7 Cisco Telepresence Video Communication Server X.6.1 Cisco Telepresence Video Communication Server X.7.0.3 Cisco Telepresence Video Communication Server X5.2 Cisco Telepresence Video Communication Server X6.0 Cisco Telepresence Video Communication Server X6.1 Cisco Telepresence Video Communication Server X7.0.0 Cisco Telepresence Video Communication Server X7.0.1 Cisco Telepresence Video Communication Server X7.0.2 Cisco Telepresence Video Communication Server X7.0.3 Cisco Telepresence Video Communication Server X7.1 Cisco Telepresence Video Communication Server X7.2 Cisco Telepresence Video Communication Server X7.2.0 Cisco Telepresence Video Communication Server X7.2.1 Cisco Telepresence Video Communication Server X7.2.2 Cisco Telepresence Video Communication Server X7.2.3 Cisco Telepresence Video Communication Server X7.2.4 Cisco Telepresence Video Communication Server X8.1 Cisco Telepresence Video Communication Server X8.1.1 Cisco Telepresence Video Communication Server X8.1.2 Cisco Telepresence Video Communication Server X8.1_Base Cisco Telepresence Video Communication Server X8.2 Cisco Telepresence Video Communication Server X8.2.1 Cisco Telepresence Video Communication Server X8.2.2 Cisco Telepresence Video Communication Server X8.2_Base Cisco Telepresence Video Communication Server X8.5 Cisco Telepresence Video Communication Server X8.5.0 Cisco Telepresence Video Communication Server X8.5.1 Cisco Telepresence Video Communication Server X8.5.2 Cisco Telepresence Video Communication Server X8.5.3 Cisco Telepresence Video Communication Server X8.6 Cisco Telepresence Video Communication Server X8.6.0 Cisco Telepresence Video Communication Server X8.6.1 Cisco Telepresence Video Communication Server X8.7 Cisco Telepresence Video Communication Server X8.7.0 Cisco Telepresence Video Communication Server X8.7.1 Cisco Telepresence Video Communication Server X8.7.2 Cisco Telepresence Video Communication Server X8.7.3 Cisco Telepresence Video Communication Server X8.8 Cisco Telepresence Video Communication Server X8.8.1 Cisco Telepresence Video Communication Server X8.8.2 Cisco Telepresence Video Communication Server X8.8.3 Cisco Telepresence Video Communication Server X8.9 Cisco Telepresence Video Communication Server X8.9.1 Cisco Telepresence Video Communication Server X8.9.2 Cisco Telepresence Video Communication Server X8.10 Cisco Telepresence Video Communication Server X8.10.1 Cisco Telepresence Video Communication Server X8.10.2 Cisco Telepresence Video Communication Server X8.10.3 Cisco Telepresence Video Communication Server X8.10.4 Cisco Telepresence Video Communication Server X8.11 Cisco Telepresence Video Communication Server X8.11.0 Cisco Telepresence Video Communication Server X8.11.4 Cisco Telepresence Video Communication Server X12.5 Cisco Telepresence Video Communication Server X12.5.0 Cisco Telepresence Video Communication Server X12.5.1 Cisco Telepresence Video Communication Server X12.5.2 Cisco Telepresence Video Communication Server X12.5.3 Cisco Telepresence Video Communication Server X12.5.4 Cisco Telepresence Video Communication Server X12.5.5 Cisco Telepresence Video Communication Server X12.5.6 Cisco Telepresence Video Communication Server X12.5.7 Cisco Telepresence Video Communication Server X12.5.8 Cisco Telepresence Video Communication Server X12.5.9 Cisco Telepresence Video Communication Server X12.6.0 Cisco Telepresence Video Communication Server X12.6.1 Cisco Telepresence Video Communication Server X12.6.2 Cisco Telepresence Video Communication Server X12.6.3	118

Common Weakness Enumeration (CWE)

CWE-670 - Always-Incorrect Control Flow Implementation

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-vcs-dos-n6xxTMZB