Cisco Unity Lets Remote Users Consume All Available Administrative Sessions
|
|
SecurityTracker Alert ID: 1021013
|
|
SecurityTracker URL: http://securitytracker.com/id?1021013
|
|
CVE Reference: CVE-2008-4543
(Links to External Site)
|
Updated: Oct 14 2008
|
Original Entry Date: Oct 8 2008
|
Impact: Denial of service via network
|
Vendor Confirmed: Yes
|
Advisory: Cisco Security Advisory
|
Version(s): 4.x, 5.x, 7.x
|
Description: A vulnerability was reported in Cisco Unity. A remote user can cause denial of service conditions.
A remote user can consume all available sessions, preventing administrators from accessing the system until the system is rebooted.
Only
systems configured for anonymous authentication are affected.
Cisco has assigned Cisco Bug ID CSCsr86971 to this vulnerability.
The
original advisory is available at:
http://www.voipshield.com/research-details.php?id=128
VoIPshield Systems reported this
vulnerability.
|
Impact: A remote user can prevent administrators from accessing the system until the system is rebooted.
|
Solution: The vendor has issued fixed versions (4.2(1)ES161, 5.0(1)ES53, 7.0(2)ES8).
The vendor's advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sr-20081008-unity.shtml
|
Vendor URL: www.cisco.com/warp/public/707/cisco-sr-20081008-unity.shtml (Links to External Site)
|
Cause: Resource error
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 8 Oct 2008 17:09:48 -0400
Subject: Cisco Security Response: VoIPshield Reported Vulnerabilities in Cisco Unity Server
|
http://www.cisco.com/warp/public/707/cisco-sr-20081008-unity.shtml
|
|
