cisco-sa-20180815-ucmimps-dos: Cisco Unified Communications Manager IM & Presence Service Denial of Service Vulnerability
First published: Wed Aug 15 2018(Updated: )
A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious IPv4 or IPv6 packet to an affected device on TCP port 7400. An exploit could allow the attacker to overread a buffer, resulting in a crash and restart of the XCP Router service. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-ucmimps-dos
Credit: This vulnerability was found during the resolution a Cisco TAC support case
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Communications Manager IM and Presence Service | =12.0(1)<12.0.1.21000-31=11.5(1)<11.5(1)SU4=11.0(1)<Migrate to 11.5(1)SU4=10.5(2)<10.5(2)SU (Future release)=10.5(1) and earlier<Migrate to 11.5(1)SU4 | 12.0.1.21000-31 11.5(1)SU4 Migrate to 11.5(1)SU4 10.5(2)SU (Future release) Migrate to 11.5(1)SU4 |
| Cisco TelePresence VCS and Expressway Major | =X8<X8.11=X7 and earlier<Migrate to X8.11 | X8.11 Migrate to X8.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/title
- agent/author
- agent/severity
- agent/softwarecombine
- agent/references
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco unified communications manager im and presence service
- version/cisco unified communications manager im and presence service/12.0(1)
- version/cisco unified communications manager im and presence service/11.5(1)
- version/cisco unified communications manager im and presence service/11.0(1)
- version/cisco unified communications manager im and presence service/10.5(2)
- version/cisco unified communications manager im and presence service/10.5(1) and earlier
- canonical/cisco telepresence vcs and expressway major
- version/cisco telepresence vcs and expressway major/x8
- version/cisco telepresence vcs and expressway major/x7 and earlier