A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software, Cisco TelePresence Video Communication Server (VCS) Software, and Cisco TelePresence Conductor Software could allow an authenticated, remote attacker to cause the CDB process on an affected system to restart unexpectedly, resulting in a temporary denial of service (DoS) condition.

The vulnerability is due to incomplete input validation of URL requests by the REST API of the affected software.

An attacker could exploit this vulnerability by sending a crafted URL to the REST API of the affected software on an affected system.

A successful exploit could allow the attacker to cause the CDB process on the affected system to restart unexpectedly, resulting in a temporary DoS condition.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-expressway-tp-vcs

Security Impact Rating: Medium

CVE: CVE-2017-12287
