Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities

2013-02-27T16:00:00
ID CISCO-SA-20130227-CUCM
Type cisco
Reporter Cisco
Modified 2013-02-27T15:53:00

Description

Cisco Unified Communications Manager 9.0 contains a vulnerability that could allow an unauthenticated, remote attacker to poison the Location Bandwidth Manager (LBM) transaction records.

The vulnerability is due to a lack of authentication of the remote LBM Hub node in intracluster communication between LBMs. An attacker could exploit this vulnerability by poisoning the LBM transaction records to consume all available bandwidth pools. An exploit could allow the attacker to consume all bandwidth and deny calls.

Cisco Unified Communications Manager contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition on the affected device. An attacker could exploit this issue by sending multiple malformed UDP packets to closed ports on the device, which could result in a disruption of services.

Cisco Unified Communications Manager contains two vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Exploitation of these vulnerabilities could cause an interruption of voice services.

Cisco has released software updates that address these vulnerabilities. This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cucm