Cisco has warned about a serious security issue in the Web Bridge feature of the Cisco Meeting Server. The flaw (CVE-2023-20255) could let an unauthorized attacker cause a denial-of-service (DoS) condition.
The issue stems from insufficient verification of web requests while the system processes them.
Malicious requests sent to the system could cause it to crash, which could affect the video calls that use the Web Bridge functionality.
If the Web Bridge receives an excessive number of bad requests, its functionality can be disrupted and video calls can fail.
Cisco Meeting Server Flaw
Cisco has addressed the problem by releasing updated software versions that no longer contain the issue. The problem is limited to the Cisco Meeting Server platform.
Users should update to the fixed versions that Cisco has released. Cisco also advises users to check its security page often for more information and solutions.
Users who want to update their software should ensure that their devices have enough memory and that their hardware and software are compatible with the new versions.
Cisco has published a table that shows which versions of the Cisco Meeting Server are affected and which versions are fixed:
- Cisco Meeting Server Release 3.5 and earlier: Users should change to the fixed version.
- Cisco Meeting Server Release 3.6: Upgrade to version 3.6.1, which has the fix.
- Cisco Meeting Server Releases 3.7 and 3.8: Not affected by this problem.
Cisco’s security team has checked the information in this article and ensured it is correct and reliable.
According to the advisory, Cisco PSIRT is not currently aware of any public announcements or reports of malicious exploitation of the vulnerability.
Cisco found this issue while working with a customer on another issue. Cisco is always trying to find and fix security problems quickly.
Cisco’s fast response to this issue shows how they work with others in the cybersecurity community to keep everyone safe online.
Watch for more updates and alerts from Cisco and other cybersecurity experts to protect your systems from new threats.