Key Vulnerability Information

Advisory ID: cisco-sa-20160420-libsrtpt

CVE Identifier: CVE-2015-6360

CVSS Score: Base 7.8, Temporal 7.4

Risk Level: High

Vulnerability Type: Denial of Service (DoS)

Affected Products:
- Cisco WebEx Meetings Server versions 1.x
- Cisco Jabber for Android
- Cisco Unity Connection (UC)
- Cisco Virtualization Experience Media Engine
- And other products listed in the document

Vulnerable Library: libSRTP (versions prior to 1.5.3)

Issue Description: The vulnerability is in the encryption processing subsystem of libSRTP and could allow an unauthenticated, remote attacker to trigger a DoS condition. The vulnerability is due to improper input validation of certain fields of SRTP packets.

Environment Requirements for Exploitation: The vulnerability is triggered when processing an SRTP packet with a crafted value in a specific field, leading to an integer underflow.

Patch/Update Information: Cisco has released free software updates that address the vulnerability.
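The class of bug described above, as an added example that is not code from Cisco or libSRTP: a payload length computed by subtracting packet-declared header sizes from the received length, next to a form that validates each declared size first. The advisory does not name the field involved; the RTP header layout (RFC 3550) and the function names here are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RTP_FIXED_HDR 12u  /* RFC 3550 fixed header size in bytes */

/* Unchecked form: trusts the packet's own length field. In unsigned
 * arithmetic a declared header longer than the packet wraps around. */
size_t payload_len_unchecked(const uint8_t *pkt, size_t pkt_len)
{
    size_t hdr = RTP_FIXED_HDR + 4u * (pkt[0] & 0x0Fu);  /* CSRC count */
    return pkt_len - hdr;  /* underflows when hdr > pkt_len */
}

/* Checked form: returns 0 and stores the payload length on success,
 * -1 if any declared length exceeds the bytes actually received. */
int payload_len_checked(const uint8_t *pkt, size_t pkt_len, size_t *out)
{
    if (pkt == NULL || out == NULL || pkt_len < RTP_FIXED_HDR)
        return -1;
    size_t hdr = RTP_FIXED_HDR + 4u * (pkt[0] & 0x0Fu);
    if (hdr > pkt_len)
        return -1;
    if (pkt[0] & 0x10u) {                 /* X bit: header extension */
        if (pkt_len - hdr < 4u)
            return -1;
        size_t ext_words = ((size_t)pkt[hdr + 2] << 8) | pkt[hdr + 3];
        size_t ext = 4u + 4u * ext_words; /* 4-byte ext header + body */
        if (ext > pkt_len - hdr)
            return -1;
        hdr += ext;
    }
    *out = pkt_len - hdr;                 /* safe: hdr <= pkt_len */
    return 0;
}

int main(void)
{
    /* Constructed sample: 12-byte packet whose first byte claims 15 CSRCs. */
    uint8_t bad[12] = { 0x8F };
    size_t n = 0;
    printf("unchecked: %zu\n", payload_len_unchecked(bad, sizeof bad));
    printf("checked:   %d\n", payload_len_checked(bad, sizeof bad, &n));
    return 0;
}
```

A wrapped length of this kind typically feeds a later copy or decrypt call, which is why the check belongs before any arithmetic on the declared sizes.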