|
Cisco Unified CallManager and Presence Server ICMP Echo and IPSec Denial of Service
|
|
Secunia Advisory:
|
SA24690
|
|
|
Release Date:
|
2007-03-29
|
|
Last Update:
|
2007-04-03
|
|
Popularity:
|
9,551 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Cisco Unified CallManager 5.x
Cisco Unified Communications Manager 5.x
Cisco Unified Presence Server 1.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Some vulnerabilities have been reported in Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS), which can be exploited by malicious people to cause a DoS (Denial of Service).
1) An unspecified error exists within the handling of large amounts of ICMP Echo packets. This can be exploited to crash various CUCM or CUPS services by sending a lot of ICMP Echo packets.
2) An unspecified error exists within the IPSec Manager service for CUCM or CUPS. This can be exploited to e.g. stop certain services like call forwarding by sending a specially crafted UDP packet to port 8500.
The vulnerabilities are reported in CUCM 5.0 versions prior to 5.0(4a)SU1, and CUPS 1.0 versions prior to 1.0(3).
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
