Thursday, September 25, 2008 3:08 PM cmosby

Cisco Unified Communications Manager SIP Denial of Service Vulnerabilities

Secunia Advisory: SA32013
Release Date: 2008-09-25
Popularity: 307 views
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Unpatched
Software:
* Cisco Unified CallManager 4.x
* Cisco Unified Communications Manager 5.x
* Cisco Unified Communications Manager 6.x

CVE reference: CVE-2008-3800, CVE-2008-3801


Description:
Some vulnerabilities have been reported in Cisco Unified Communications Manager, which can be exploited by malicious people to cause a DoS (Denial of Service).

Multiple unspecified errors exist in the processing of SIP messages, which can be exploited to cause a reload of an affected device.

This is related to vulnerability #5 in:
SA31990

The following versions are affected:
* Cisco Unified CallManager 4.1 versions prior to 4.1.3SR8
* Cisco Unified CallManager 4.2 versions prior to 4.2(3)SR4b
* Cisco Unified CallManager 4.3 versions prior to 4.3(2)SR1a
* Cisco Unified Communications Manager 5.x versions prior to 5.1(3d)
* Cisco Unified Communications Manager 6.x versions prior to 6.1(2)su1

Solution:
The vendor will release updated versions that fix these vulnerabilities (please see vendor advisory for details).

Restrict network access to the affected services.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20080924-cucm.shtml

Other References:
SA31990
http://secunia.com/advisories/31990/