11-15-2020 08:12 AM
I have a customer who has made a penetration test on CMS (internal and external), and a security vulnerability was found: CMS doesn't terminate a guest session if too many wrong pass codes or call IDs are entered, which could be exploited in a DoS attack. Is there any Cisco CVE or document detailing how to overcome this vulnerability?
I have attached an image of the penetration test report.
11-15-2020 04:14 PM
Have you searched for that in the Cisco security advisories site online?
You can filter by product and find any for CMS.
11-17-2020 02:15 AM
As a matter of fact, I did, using Meeting Server and Cisco Meeting App as products, but I didn’t find anything related to what I’m describing. I found a lot of DoS threads, but none of them is related to the case I have described. Actually, I thought there’s no security risk in that regard in the first place (for example, CMS actually terminates the session if a brute force attack is used), but I can’t seem to find any documentation confirming this.