QID 317370
Date Published: 2023-10-17
QID 317370: Cisco Multiple Unified Communications Products Unauthenticated API High CPU Utilization Denial of Service (DoS) Vulnerability (cisco-sa-cucm-apidos-PGsDcdNF)
A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device.
The following releases of Unified CM and Unified CM SME, Unified CM IM and P, and Unity Connection are affected:
Unified CM and Unified CM SME:
- 12.5(1) prior to 12.5(1)SU8
- 14 prior to ciscocm.V14SU3_CSCwf44755.cop.sha512
Unified CM IM and P:
- 12.5(1) prior to 12.5(1)SU8
- 14 prior to ciscocm.cup_CSCwf62094_14SU3.cop.sha512
Unity Connection:
- 14 prior to ciscocm.cuc.V14SU3-CSCwf62081.k4.cop.sha512
QID Detection Logic (Authenticated):
The check matches the Cisco Unified Communications Product version retrieved via Unix Auth using the "Active Master Version:" command.
A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access.
Customers are advised to refer to cisco-sa-cucm-apidos-PGsDcdNF for more information.
- cisco-sa-cucm-apidos-PGsDcdNF - sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-apidos-PGsDcdNF
CVEs related to QID 317370
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| cisco-sa-cucm-apidos-PGsDcdNF | | | |