

Rewterz Threat Advisory – CVE-2019-1878 – Cisco TelePresence Endpoint Command Shell Injection Vulnerability
June 26, 2019
Rewterz Threat Advisory – Red Hat update for Firefox Multiple Vulnerabilities
June 26, 2019
Severity
High
Analysis Summary
The vulnerability is due to insufficient controls for specific memory operations. An attacker could exploit this vulnerability by sending a malformed Extensible Messaging and Presence Protocol (XMPP) authentication request to an affected system. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing users from successfully authenticating. Exploitation of this vulnerability does not impact users who were authenticated prior to an attack.
Impact
Denial of service
Affected Vendors
Cisco
Affected Products
- Expressway Series configured for Mobile and Remote Access with IM&P Service (Releases X8.1 to X12.5.2)
- TelePresence VCS configured for Mobile and Remote Access with IM&P Service (Releases X8.1 to X12.5.2)
- Unified Communications Manager IM&P Service
Remediation
Please see the vendor's advisory for fixed releases and patches.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-cucm-imp-dos