Vulnerability Description
A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. The vulnerability is triggered by an H.264 frame that has an invalid picture parameter set (PPS) value. An attacker could exploit this vulnerability by sending a malformed H.264 frame to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition because the media process could restart. The media session should be re-established within a few seconds, during which there could be a brief interruption in service. Cisco Bug IDs: CSCvg12559.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Meeting Server | 2.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101855Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039827Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/101855Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039827Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2017-12311?
CVE-2017-12311 is a vulnerability with a CVSS score of 5.8 (MEDIUM). A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it rece...
How severe is CVE-2017-12311?
CVE-2017-12311 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-12311?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Meeting Server.