|
Cisco Unified Communications Manager Authentication Bypass and Denial of Service
|
|
Secunia Advisory:
|
SA30848
|
|
|
Release Date:
|
2008-06-26
|
|
Popularity:
|
3,871 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Security Bypass
Exposure of system information
Exposure of sensitive information
DoS
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Cisco Unified CallManager 4.x
Cisco Unified CallManager 5.x
Cisco Unified Communications Manager 4.x
Cisco Unified Communications Manager 5.x
Cisco Unified Communications Manager 6.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
A vulnerability and a security issue have been reported in Cisco Unified Communications Manager, which can be exploited by malicious people to bypass certain security restrictions or to cause a DoS (Denial of Service).
1) An unspecified error in the Computer Telephony Integration (CTI) Manager service can be exploited to cause a DoS by sending a specially crafted packet to port 2748/TCP.
2) A security issue exists in the Real-Time Information Server (RIS) Data Collector service, which can be exploited to bypass authentication checks and disclose e.g. information about performance statistics, user names, and configured IP phones.
The vulnerability and the security issue affect the following products and versions:
* Cisco Unified CallManager 4.1 versions
* Cisco Unified Communications Manager 4.2 versions prior to 4.2(3)SR4
* Cisco Unified Communications Manager 4.3 versions prior to 4.3(2)SR1
* Cisco Unified Communications Manager 5.x versions prior to 5.1(3c)
* Cisco Unified Communications Manager 6.x versions prior to 6.1(2)
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
