Cisco addresses denial-of-service vulnerability in Videoscape products

Cisco has released software updates to address a denial-of-service (DoS) vulnerability in Videoscape Distribution Suite for Internet Streaming (VDS-IS) and Videoscape Distribution Suite Service Broker (VDS-SB).

According to an advisory, the vulnerability – CVE-2015-0725 – can be exploited by a remote, unauthenticated attacker to trigger device instability and cause a reload of the vulnerable device.

“The vulnerability is due to improper input validation,” the advisory said. “An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to cause a DoS condition.”

Cisco said that it is not aware of any public announcements about the bug, or that the vulnerability is being exploited, and explained that it was identified by the Cisco Technical Assistance Center during the investigation of a customer issue.