7.5 - cisco-sa-20161102-cms1

A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system.

The vulnerability exists because the affected software performs incomplete input validation of the size of media lines in session descriptions. An attacker could exploit this vulnerability by sending crafted packets to the SDP parser on an affected system. A successful exploit could allow the attacker to cause a buffer overflow condition on an affected system, which could allow the attacker to execute arbitrary code on the system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1

BEGIN PGP SIGNATURE Comment: GPGTools - http://gpgtools.org

iQIcBAEBCgAGBQJYGeeeAAoJEK89gD3EAJB5ONgP/RUQTYCV+EW2SbXMFCghUH0m f6SrzmX3BJYe1ToFWf+QltKKHuS+iWr/R81fQ7tlBqDb8qpVIvhqM4HPirvKNl0w fwrkwu32FCDQNv6zeZuMeT9u0IooLzT6gEUDtxzhcy7iimhF6MmqdfyBSyYVVHrx N2N3Ru7ngMtgFLXdOGmL4AVT58LCy35WmxZXN1pel5VklKKnLhpXAnIyWovHDMJa srl9Hk7bgtP9Z8c+jhsAuQO6PdzZJXPo831TYQXx6gbzg5ESewfbcFSZpo35YVMZ BWEJ37NiYPXF9aMgu7t0+DwzSJr3ws9GQb58/R79m2vVTsLCAdbPtr7caHZ0yYEV Rc5zutMlNgMz1qR4fhwPefEIEktghmy9TmlrK6p7CLzXI0Xfa0jHYSUr12OT9qHo wLym7jGsC8NksH0rKEGFCKK3vQpflasW74BoJ1gwl046JbCQIQIc9U/ofcJZspKe KCbkpic0kAozMEms7tEprq3nOb34tPgWa0Ie1rXoDWu6ioXgjlMQusznO35MPIJ7 EfcmFV+Z8NK6cxG5G+aKwWl8xnWRii5/bXfEFnCx5ICcMD1KOP651rcCHpTDLs+m 5yYjwOOxrnHVveldIon6Ryp+1j0hkTZkbBPcRCN7kgNPioAC6GNWjFvj0hYxCbz9 8FFZPoHfD+E5+Bvcjz2r =69Jd END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com