Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP packet, as demonstrated by a SIP INVITE message from a Tandberg device, aka Bug ID CSCtq73319.
These vulnerabilities affect all three variants (Control, Expressway, and Starter Pack Express) of Cisco TelePresence Video Communication Server.'
CVSS v2.0 Severity and Metrics:
Access Vector (AV):
Access Complexity (AC):
Allows unauthorized disclosure of information
Allows unauthorized modification
Allows disruption of service