Cisco Unified Communications Manager Denial of Service Vulnerability

2023-06-0716:00:00

tools.cisco.com

cisco

unified communications manager

axl api

denial of service

vulnerability

authentication

remote attacker

web ui

self care portal

http input

software updates.

EPSS

0.001

Percentile

29.2%

JSON

A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-4Ag3yWbD [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-4Ag3yWbD”]

Affected configurations

Vulners

Node

ciscounified_communications_managerMatchany

ciscounity_connectionMatchany

ciscounified_communications_managerMatchany

ciscounity_connectionMatchany

VendorProductVersionCPE
ciscounified_communications_manageranycpe:2.3:a:cisco:unified_communications_manager:any:*:*:*:*:*:*:*
ciscounity_connectionanycpe:2.3:a:cisco:unity_connection:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_communications_manager	any	cpe:2.3:a:cisco:unified_communications_manager:any:::::::*
cisco	unity_connection	any	cpe:2.3:a:cisco:unity_connection:any:::::::*