Unrated severity · NVD Advisory · Published Apr 18, 2019 · Updated Nov 21, 2024

Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability

CVE-2019-1721

Description

A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a Session Initiation Protocol (SIP) message with a crafted XML payload to an affected device. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition. Manual intervention may be required to recover the device. This vulnerability is fixed in Cisco Expressway Series and Cisco TelePresence Video Communication Server Releases X12.5.1 and later.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A crafted XML payload in a SIP message sent to the phone book feature of Cisco Expressway/VCS causes CPU exhaustion, leading to DoS. Fixed in X12.5.1.

Vulnerability

The vulnerability resides in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). The software improperly handles crafted XML input embedded in Session Initiation Protocol (SIP) messages. An authenticated, remote attacker can exploit this to cause the CPU to reach 100% utilization. The vulnerability affects all versions prior to X12.5.1 [1].

Exploitation

An attacker must have valid authentication credentials to the device and network access to send SIP messages. The exploitation involves sending a SIP message containing a specially crafted XML payload. The processing of this payload triggers an infinite or extremely resource-intensive loop, causing the CPU to spike and remain at 100% utilization. Manual intervention may be required to restore normal operation [1].

Impact

Successful exploitation results in a denial of service (DoS) condition. The device becomes unresponsive to legitimate SIP calls and management requests. The attacker does not gain data access or code execution; the impact is strictly availability degradation. The entire device may need a reboot or manual recovery to clear the condition [1].

Mitigation

The vulnerability is fixed in Cisco Expressway Series and Cisco TelePresence VCS releases X12.5.1 and later. Cisco has released free software updates. Users with service contracts should upgrade via normal channels; those without contracts can contact Cisco TAC for a free upgrade. There are no workarounds other than restricting SIP access to trusted, authenticated users [1].
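A version triage against the fixed release named above, as an added example that is not part of the advisory or any Cisco tooling. The hostnames and inventory are constructed sample data, and the release-string pattern and the treatment of a missing maintenance number as `.0` are assumptions.

```python
import re

# Fixed release stated in the advisory for CVE-2019-1721.
FIXED = (12, 5, 1)

# Assumed release-string shape: "X12.5.1" or "X8.11.4" (leading X, dotted numbers).
_VERSION_RE = re.compile(r"^[Xx](\d+)\.(\d+)(?:\.(\d+))?$")


def parse_release(text):
    """Return (major, minor, maintenance), or None if the string is not a release."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    # Assumption: a missing maintenance number ("X12.5") is treated as ".0".
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def status(release_text):
    """Classify one release string as 'affected', 'fixed' or 'unknown'."""
    parsed = parse_release(release_text)
    if parsed is None:
        # Unparseable strings are flagged for manual review, never assumed safe.
        return "unknown"
    return "fixed" if parsed >= FIXED else "affected"


def triage(inventory):
    """Return (host, release, status) rows, affected first, then unknown, then fixed."""
    order = {"affected": 0, "unknown": 1, "fixed": 2}
    rows = [(host, rel, status(rel)) for host, rel in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


# Constructed inventory: hostnames and releases are sample data, not from the advisory.
SAMPLE_INVENTORY = {
    "expressway-c.example.net": "X12.5.1",
    "expressway-e.example.net": "X8.11.4",
    "vcs-control.example.net": "X12.5",
    "vcs-legacy.example.net": "12.5.3 (build unknown)",
    "expressway-lab.example.net": "x12.6.0",
}

if __name__ == "__main__":
    for host, release, state in triage(SAMPLE_INVENTORY):
        print(f"{state:9} {host:28} {release}")
```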

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

