Cisco Enterprise Chat and Email Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the chat messaging features of Cisco Enterprise Chat and Email (ECE). This issue allows an unauthenticated, remote attacker to cause the application to stop responding. The vulnerability arises from improper validation of user-supplied input to chat entry points. Exploitation involves sending malicious requests to a messaging chat entry point, leading to a condition where the application may not recover on its own and could require a manual restart of services by an administrator.

Impact

Exploitation of this vulnerability causes the application to stop responding, creating a denial-of-service condition that may require manual intervention to resolve.

Remediation

Cisco has released software updates to address this vulnerability. Customers with service contracts should obtain these updates through their usual channels. Customers without service contracts should contact the Cisco Technical Assistance Center (TAC) for assistance.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.7
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.