Category:   Application (VoIP)  >   Cisco Unified Communications Manager
Vendors:   Cisco
Cisco Unified Communications Manager Multiple Bugs Let Remote Users Deny Service and Remote Authenticated Users Execute Arbitrary Code
SecurityTracker Alert ID:  1028938
SecurityTracker URL:  http://securitytracker.com/id/1028938
CVE Reference:   CVE-2013-3459, CVE-2013-3460, CVE-2013-3461, CVE-2013-3462
Date:  Aug 21 2013
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.1(x), 8.5(x), 8.6(x), 9.0(x), 9.1(x)
Description:   Several vulnerabilities were reported in Cisco Unified Communications Manager. A remote authenticated user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.

A remote user can send specially crafted registration messages to trigger an error handling flaw and cause denial of service conditions [CVE-2013-3459].

Version 7.1(x) is affected.

The vendor has assigned bug ID CSCuf93466 to this vulnerability.

A remote user can send UDP packets at a high rate to certain ports to cause denial of service conditions [CVE-2013-3460].

Versions 8.5(x), 8.6(x), and 9.0(x) are affected.

The vendor has assigned bug ID CSCub85597 to this vulnerability.

A remote user can send UDP packets at a high rate to port 5060 to cause denial of service conditions [CVE-2013-3461].

Versions 8.5(x), 8.6(x) and 9.0(1) are affected.

The vendor has assigned bug ID CSCub35869 to this vulnerability.

A remote authenticated user can send specially crafted data to trigger a buffer overflow and execute arbitrary code on the target system [CVE-2013-3462].

The vendor has assigned bug ID CSCud54358 to this vulnerability.

Impact:   A remote authenticated user can execute arbitrary code on the target system.

A remote user can cause denial of service conditions.

Solution:   The vendor has issued a fix (9.1(2)).

Additional fixes are available for some prior versions and are listed in the vendor's advisory.

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm
Cause:   Access control error, Boundary error, State error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Wed, 21 Aug 2013 12:08:42 -0400
Subject:  Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Manager

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Multiple Vulnerabilities in Cisco Unified Communications Manager

Advisory ID: cisco-sa-20130821-cucm

Revision 1.0

For Public Release 2013 August 21 16:00  UTC (GMT)
+---------------------------------------------------------------------

Summary
=======

Cisco Unified Communications Manager (Unified CM) contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to modify data, execute arbitrary commands, or cause a denial of service (DoS) condition.

Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org

iF4EAREIAAYFAlIUzXcACgkQUddfH3/BbTpXXgD/WeFyThlNqzfx3Kaz/mbCYNSl
nw+mLEosxsMQ0kwhTYcA/0p6XATzXcrg/S2fFfez3FU1NT7RuVJIo38TqRiauwyo
=Yf0M
-----END PGP SIGNATURE-----
 
 

