A vulnerability in the Representational State Transfer (REST) interface of Cisco Spark could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
 
The vulnerability is due to missing authorization checks on certain administrative pages. An attacker could exploit this vulnerability by using certain pages to deny service of specific resources.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-sp3
A vulnerability in the Representational State Transfer (REST) interface of Cisco Spark could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
 
The vulnerability is due to missing authorization checks on certain administrative pages. An attacker could exploit this vulnerability by using certain pages to deny service of specific resources.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-sp3

Security Impact Rating: Medium

CVE: CVE-2016-1324