Cisco Unity Lets Remote Users Consume All Available Administrative Sessions
|
|
SecurityTracker Alert ID: 1021013 |
|
SecurityTracker URL: http://securitytracker.com/id/1021013
|
|
CVE Reference:
CVE-2008-4543
(Links to External Site)
|
Updated: Oct 14 2008
|
Original Entry Date: Oct 8 2008
|
Impact:
Denial of service via network
|
Vendor Confirmed: Yes
|
Version(s): 4.x, 5.x, 7.x
|
Description:
A vulnerability was reported in Cisco Unity. A remote user can cause denial of service conditions.
A remote user can consume all available sessions, preventing administrators from accessing the system until the system is rebooted.
Only systems configured for anonymous authentication are affected.
Cisco has assigned Cisco Bug ID CSCsr86971 to this vulnerability.
The original advisory is available at:
http://www.voipshield.com/research-details.php?id=128
VoIPshield Systems reported this vulnerability.
|
Impact:
A remote user can prevent administrators from accessing the system until the system is rebooted.
|
Solution:
The vendor has issued fixed versions (4.2(1)ES161, 5.0(1)ES53, 7.0(2)ES8).
The vendor's advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sr-20081008-unity.shtml
|
Vendor URL: www.cisco.com/warp/public/707/cisco-sr-20081008-unity.shtml (Links to External Site)
|
Cause:
Resource error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 8 Oct 2008 17:09:48 -0400
Subject: Cisco Security Response: VoIPshield Reported Vulnerabilities in Cisco Unity Server
|
http://www.cisco.com/warp/public/707/cisco-sr-20081008-unity.shtml
|
|
