CVE-2019-1720
Last modified
CVE-2019-1720 is a vulnerability of currently unknown severity. A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. EPSS estimates a 1.70% chance of exploitation in the next 30 days.
Description
A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a specifically crafted XML payload. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition until the system is manually rebooted. Software versions prior to X12.5.1 are affected.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Telepresence Video Communication Server | < x12.5.1 |
References
- http://www.securityfocus.com/bid/108002Third Party Advisory
- http://www.securityfocus.com/bid/108002Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-1720?
How severe is CVE-2019-1720?
How do I fix CVE-2019-1720?
Are you affected by CVE-2019-1720?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST