A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the attacker to impact the availability of services and data of the device, including a complete DoS condition. This vulnerability affects the following Cisco TC and CE platforms when running software versions prior to TC 7.3.8 and CE 8.3.0. Cisco Bug IDs: CSCux94002.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HCisco Telepresence Ce Software
APPCisco8.2.2Cisco Telepresence Tc Software
APPCisco3.1.53.1_base4.1.04.1.14.1.24.1_base4.2.04.2.14.2.24.2.34.2.44.2_base5.0.25.0.2-cucm5.0_base+ 51 wiΔcej
Related vulnerabilities
The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collabor...
The network drivers in Cisco TelePresence T, Cisco TelePresence TE, and Cisco TelePresence TC before 7.3.2 all...
Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control...
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote...
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x allows remote attacke...