Patch/Configuration Management, Vulnerability Management

Cisco addresses denial-of-service vulnerability in Videoscape products

Cisco has released software updates to address a denial-of-service (DoS) vulnerability in Videoscape Distribution Suite for Internet Streaming (VDS-IS) and Videoscape Distribution Suite Service Broker (VDS-SB).

According to an advisory, the vulnerability – CVE-2015-0725 – can be exploited by a remote, unauthenticated attacker to trigger device instability and cause a reload of the vulnerable device.

“The vulnerability is due to improper input validation,” the advisory said. “An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to cause a DoS condition.”

Cisco said that it is not aware of any public announcements about the bug, or that the vulnerability is being exploited, and explained that it was identified by the Cisco Technical Assistance Center during the investigation of a customer issue.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.