
Cisco Unified Communications Manager Multiple Vulnerabilities

Last Update Date: 22 Aug 2013 10:10

Release Date: 22 Aug 2013

RISK: Medium Risk

TYPE: Clients - IM, Chat & VoIP

Multiple vulnerabilities have been identified in Cisco Unified Communications Manager. A remote user can cause denial of service conditions, and a remote authenticated user can execute arbitrary code on the target system.

  1. A remote user can open a large number of TCP connections to ports 5060 or 5061 to trigger a memory leak and cause denial of service conditions.
  2. A remote user can send specially crafted registration messages to trigger an error handling flaw and cause denial of service conditions.
  3. A remote user can send UDP packets at a high rate to certain ports including port 5060 to cause denial of service conditions.
  4. A remote authenticated user can send specially crafted data to trigger a buffer overflow and execute arbitrary code on the target system.
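
For monitoring the conditions in items 1 and 3, the following added example (not part of the original advisory and not vendor code) flags sources whose connection or packet rate to the named ports exceeds a per-source limit within a sliding window. The record format, thresholds and sample addresses are assumptions and must be tuned to the deployment's baseline.

```python
from collections import defaultdict, deque

# Assumed thresholds (not from the advisory): tune to the deployment's baseline.
WINDOW_S = 10          # sliding window length in seconds
TCP_CONN_LIMIT = 50    # new TCP connections per source per window (item 1)
UDP_PKT_LIMIT = 500    # UDP packets per source per window (item 3)
WATCHED = {("tcp", 5060), ("tcp", 5061), ("udp", 5060)}

def detect_floods(events, window=WINDOW_S, tcp_limit=TCP_CONN_LIMIT,
                  udp_limit=UDP_PKT_LIMIT):
    """events: (ts_seconds, proto, src_ip, dst_port, count) tuples sorted by ts,
    where count is new connections (tcp) or packets (udp) in that record.
    Returns a sorted list of (src_ip, proto, dst_port) that exceeded the limit."""
    recent = defaultdict(deque)   # key -> (ts, count) records inside the window
    totals = defaultdict(int)     # key -> sum of counts inside the window
    flagged = set()
    for ts, proto, src, port, count in events:
        if (proto, port) not in WATCHED:
            continue
        key = (src, proto, port)
        recent[key].append((ts, count))
        totals[key] += count
        # Expire records that have fallen out of the window.
        while recent[key] and recent[key][0][0] <= ts - window:
            _, old = recent[key].popleft()
            totals[key] -= old
        limit = tcp_limit if proto == "tcp" else udp_limit
        if totals[key] > limit:
            flagged.add(key)
    return sorted(flagged)

def sample_events():
    """Constructed sample data (documentation-range addresses), not real traffic."""
    ev = []
    # 198.51.100.7 opens 12 connections per second to TCP 5060 for 8 seconds.
    ev += [(t, "tcp", "198.51.100.7", 5060, 12) for t in range(8)]
    # 192.0.2.10 is a normal endpoint: one connection every 5 seconds.
    ev += [(t, "tcp", "192.0.2.10", 5061, 1) for t in range(0, 30, 5)]
    # 203.0.113.9 sends 200 UDP packets per second to 5060 for 4 seconds.
    ev += [(t, "udp", "203.0.113.9", 5060, 200) for t in range(4)]
    # The same rate to a port outside the watch list is ignored by this check.
    ev += [(t, "udp", "203.0.113.9", 53, 200) for t in range(4)]
    return sorted(ev, key=lambda e: e[0])

if __name__ == "__main__":
    for src, proto, port in detect_floods(sample_events()):
        print(f"ALERT {src} exceeded {proto}/{port} limit")
```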

Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Versions 7.1(x), 8.5(x), 8.6(x), 9.0(x), 9.1(x)

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • The vendor has issued a fix (9.1(2)).

Vulnerability Identifier


Source