CVE-2018-0280
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
17/05/2018
Last modified:
09/10/2019
Description
A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of incoming RTP bitstreams. An attacker could exploit this vulnerability by sending a crafted RTP bitstream to an affected Cisco Meeting Server. A successful exploit could allow the attacker to deny audio and video services by causing media process crashes resulting in a DoS condition on the affected product. This vulnerability affects Cisco Meeting Server deployments that are running Cisco Meeting Server Software Releases 2.0, 2.1, 2.2, and 2.3. Cisco Bug IDs: CSCve79693, CSCvf91393, CSCvg64656, CSCvh30725, CSCvi86363.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cisco:meeting_server:2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:meeting_server:2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:meeting_server:2.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:meeting_server:2.2.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:meeting_server:2.2.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:meeting_server:2.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page