Important DoS Vulnerability for Cisco Expressway and VCS X7.x and X8.x – CVE-2017-6790

Posted by Eric Losier on Dec 13, 2017 9:34:21 AM

Cisco Expressway.png

Special thank you to Ben Petroff and the Stack8 Managed Services team for their expertise with Cisco Expressway  

Earlier this spring, Cisco had announced a denial of service (DoS) vulnerability affecting CUCM 10.x and 11.x, which we discussed in a previous blog post entitled: Important DoS Vulnerability for CUCM 10.x and 11.x "cisco-sa-20170419-ucm"

Cisco has recently announced that Cisco Expressway and TelePresence Video Communication Server (VCS) are also affected by a similar DoS vulnerability. Advisory ID “cisco-sa-20170816-vcs” (CVE-2017-6790) explains that an unauthenticated, remote attacker could send excessive SIP traffic to the device and cause a complete DoS condition on the targeted system.

Need help with Cisco Expressway

Given the fact that Expressway and VCS are often positioned at the edge of the network (ideally in a DMZ) and thus publicly accessible from the Internet, Stack8 considers this as a very serious vulnerability and recommends that affected systems be upgraded as soon as possible.

Any Expressway or VCS release from X7.x and below X8.10 are vulnerable.

More details on this vulnerability can be found here:

Should you or your organization require assistance with the deployment of this important Expressway/VCS software update, Stack8’s team of Cisco UC experts are available to help!

Subscribe to the Stack8 Blog

Topics: cisco expressway, CVE-2017-6790

Don’t miss out. Expert advice straight to your inbox!

Insightful tips, troubleshooting and solutions for your everyday Unified Communications challenges from our team of experts. You can look forward to:

  • Weekly UC tips;
  • Cisco Unified Communications insights;
  • UCCX - Contact Center insights;
  • Network and Security insights;
  • Cisco Release notes and Product reviews.

Posts by Topic

see all
Join us for free live demo

Recent Posts