Cisco Unified Presence Server Denial of Service Vulnerability

2013-02-27T16:00:00
ID CISCO-SA-20130227-CUPS
Type cisco
Reporter Cisco
Modified 2013-02-28T13:25:43

Description

Cisco Unified Presence Server (CUPS) contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Cisco has released software updates that address this vulnerability. A workaround is available to mitigate this vulnerability. This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cups["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cups"]

Cisco Unified Presence Server (CUPS) contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition against the affected device. An attacker could exploit this issue by sending a packet flood to the ESP port resulting in an increase in CPU utilization which could lead to a disruption of services.