CVE-2017-6763

moderate-risk
Published 2017-08-07

A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected application does not properly validate Fragmentation Unit (FU-A) protocol packets. An attacker could exploit this vulnerability by sending a crafted H.264 FU-A packet through the affected application. A successful exploit could allow the attacker to cause a DoS condition on the affected system due to an unexpected restart of the CMS media process on the system. Although the CMS platform continues to operate and only the single, affected CMS media process is restarted, a brief interruption of media traffic for certain users could occur. Cisco Bug IDs: CSCve10131.

Do I need to act?

~
2.2% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Cisco

References (8)

Third Party Advisory http://www.securityfocus.com/bid/100111
Third Party Advisory http://www.securitytracker.com/id/1039058
Vendor Advisory https://quickview.cloudapps.cisco.com/quickview/bug/CSCve10131
Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...
Third Party Advisory http://www.securityfocus.com/bid/100111
Third Party Advisory http://www.securitytracker.com/id/1039058
Vendor Advisory https://quickview.cloudapps.cisco.com/quickview/bug/CSCve10131
Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...
36
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 5/34 · Minimal
Exposure 5/34 · Minimal