CVE-2023-20255 Information

Description

A vulnerability in an API of the Web Bridge feature of Cisco Meeting Server could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause a partial availability condition which could cause ongoing video calls to be dropped due to the invalid packets reaching the Web Bridge.

Reference

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cms-segfault-G6ES4Ve8