CVE-2019-1720

MEDIUM Year: 2019
CVSS v3 Score
4.9
Medium
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-20
View all →

Vulnerability Description

A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a specifically crafted XML payload. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition until the system is manually rebooted. Software versions prior to X12.5.1 are affected.

Related Vulnerabilities

CVE-2017-11183

MEDIUM
CVSS:4.9(Medium)

front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter.

CWE-202017

CVE-2017-14023

MEDIUM
CVSS:4.9(Medium)

An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been id...

CWE-202017

CVE-2017-18453

MEDIUM
CVSS:4.9(Medium)

cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260).

CWE-202017

CVE-2017-18464

MEDIUM
CVSS:4.9(Medium)

cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226).

CWE-202017

CVE-2017-2254

MEDIUM
CVSS:4.9(Medium)

Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input

CWE-202017

CVE-2017-6690

MEDIUM
CVSS:4.9(Medium)

A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or...

CWE-202017