Cisco Unified CallManager And Unified Server Multiple Remote Denial Of Service Vulnerabilities

Bugtraq ID:	23181
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-1833 CVE-2007-1834 CVE-2007-1826
Remote:	Yes
Local:	No
Published:	Mar 28 2007 12:00AM
Updated:	Jul 06 2016 02:39PM
Credit:	The vendor reported these issues.
Vulnerable:	Cisco Unified Presence Server 1.0 Cisco Unified CallManager 5.0(4) Cisco Unified CallManager 5.0(3a) Cisco Unified CallManager 5.0(3) Cisco Unified CallManager 5.0(2) Cisco Unified CallManager 5.0(1) Cisco Unified CallManager 5.0 Cisco Unified CallManager 4.2 Cisco Unified CallManager 4.1 Cisco Unified CallManager 3.3
Not Vulnerable:	Cisco Unified Presence Server 1.0(3) Cisco Unified CallManager 5.0(4a)SU1 Cisco Unified CallManager 4.2(3)SR1 Cisco Unified CallManager 4.1(3)SR4 Cisco Unified CallManager 3.3(5)SR2a

Cisco Unified CallManager And Unified Server Multiple Remote Denial Of Service Vulnerabilities

Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS) are prone to multiple remote denial-of-service vulnerabilities. These issues occur because the devices fail to handle certain network packets or network requests.

An attacker can exploit these issues to crash the affected services on the devices, denying service to legitimate users.

Cisco Unified CallManager And Unified Server Multiple Remote Denial Of Service Vulnerabilities

An attacker can exploit these issues by using standard networking tools.

Cisco Unified CallManager And Unified Server Multiple Remote Denial Of Service Vulnerabilities

Solution:
The vendor released an advisory and fixes addressing these issues. Please see the references for more information.

Cisco Unified CallManager And Unified Server Multiple Remote Denial Of Service Vulnerabilities

References:

• Cisco Homepage (Cisco )
  
• Cisco Security Advisory: Multiple Cisco Unified CallManager and Presence Server ([email protected])
  
• cisco-sa-20070328-voip: Cisco Security Advisory: Cisco Security Advisory: Multip (Cisco)