Release date:
Updated on: 2013-06-27
Affected Systems:
Cisco Precision Video Engine
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2013-3393
Cisco Precision Video Engine is a media Engine Based on H.264 AVC and is used in the Cisco Jabber Client.
The Cisco Precision Video Engine code has a security vulnerability that can cause unauthenticated remote attackers to crash multiple processes and disconnect all active calls. This vulnerability is caused by an error in processing frequently sent special RTP packets. Attackers exploit this vulnerability by sending specially crafted RTP packets to the affected system.
<* Source: vendor
Link: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3393
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (CVE-2013-3393) and patches for this:
CVE-2013-3393: Cisco Jabber Video Engine Denial of Service Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3393