Cisco Unified Communications Manager Multiple Bugs Let Remote Users Deny Service and Remote Authenticated Users Execute Arbitrary Code
SecurityTracker Alert ID: 1028938
SecurityTracker URL: http://securitytracker.com/id/1028938
CVE-2013-3459, CVE-2013-3460, CVE-2013-3461, CVE-2013-3462
Date: Aug 21 2013
Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 7.1(x), 8.5(x), 8.6(x), 9.0(x), 9.1(x)
Several vulnerabilities were reported in Cisco Unified Communications Manager. A remote authenticated user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.
A remote user can send specially crafted registration messages to trigger an error handling flaw and cause denial of service conditions [CVE-2013-3459].
Version 7.1(x) is affected.
The vendor has assigned bug ID CSCuf93466 to this vulnerability.
A remote user can send UDP packets at a high rate to certain ports to cause denial of service conditions [CVE-2013-3460].
Versions 8.5(x), 8.6(x), and 9.0(x) are affected.
The vendor has assigned bug ID CSCub85597 to this vulnerability.
A remote user can send UDP packets at a high rate to port 5060 to cause denial of service conditions [CVE-2013-3461].
Versions 8.5(x), 8.6(x) and 9.0(1) are affected.
The vendor has assigned bug ID CSCub35869 to this vulnerability.
A remote authenticated user can send specially crafted data to trigger a buffer overflow and execute arbitrary code on the target system [CVE-2013-3462].
The vendor has assigned bug ID CSCud54358 to this vulnerability.
A remote authenticated user can execute arbitrary code on the target system.
A remote user can cause denial of service conditions.
The vendor has issued a fix (9.1(2)).
Additional fixes are available for some prior versions and are listed in the vendor's advisory.
The vendor's advisory is available at:
Vendor URL: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm
Access control error, Boundary error, State error
Source Message Contents
Subject: Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Manager
Multiple Vulnerabilities in Cisco Unified Communications Manager
Advisory ID: cisco-sa-20130821-cucm
For Public Release 2013 August 21 16:00 UTC (GMT)
Cisco Unified Communications Manager (Unified CM) contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to modify data, execute arbitrary commands, or cause a denial of service (DoS) condition.
Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link: