First published: Wed Jul 03 2019
A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of input SIP traffic. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected Cisco Unified Communications Manager or Unified Communications Manager Session Management Edition. A successful exploit could allow the attacker to trigger a new registration process on all connected phones, temporarily disrupting service. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-cucm-dos
Credit: This vulnerability was found during the resolution of a Cisco TAC support case.
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Unified Communications Manager | 12.5 | Apply patch file ciscocm.V12-5-1-10000-22_CSCvo70834_C0003-1.cop.sgn or upgrade to 12.5(1)SU1 |
Cisco Unified Communications Manager | 12.0 | Apply patch file ciscocm.V12-0-1-22900-11_CSCvo70834_C0003-1.cop.sgn or upgrade to 12.0(1)SU3 |
Cisco Unified Communications Manager | 11.5 | Apply patch file ciscocm.V11-5-1-SU5-SU6_CSCvo70834_C0003-1.cop.sgn |
Cisco Unified Communications Manager | 10.5(2) | Apply patch file ciscocm.V10-5-2-SU7-SU8_CSCvo70834_C0003-1.cop.sgn |
Cisco Unified Communications Manager | Prior to 10.5(2) | Migrate to 10.5(2) and apply patch file ciscocm.V10-5-2-SU7-SU8_CSCvo70834_C0003-1.cop.sgn |
The severity of cisco-sa-20190703-cucm-dos is classified as high due to its potential to cause a denial of service condition.
To fix cisco-sa-20190703-cucm-dos, apply the appropriate patch file or upgrade to the specified software versions mentioned in the advisory.
cisco-sa-20190703-cucm-dos affects various versions of Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition.
Yes, cisco-sa-20190703-cucm-dos can be exploited by unauthenticated remote attackers.
There is no specific workaround for cisco-sa-20190703-cucm-dos; updating to the fixed versions is recommended.