Conference Herald

New Denial of Service Vulnerability on Cisco Unified Communications Manager

Cisco Unified Communications Manager Denial of Service Vulnerability the Level of the attack is moderately critical. It is between 3 and 5. The attacker could launch the attack remotely. This Vulnerability concerns CUCM version 5.

1. Some vulnerabilities have been reported in Cisco Unified Communications Manager. An attacker could start Denial of Service (DoS) attacks to the Cisco CUCM version 5.
An error in the handling of SIP INVITE messages can be used to complete a review and disrupt voice services.

2. An error in the interpretation of network connections can be exploited to prevent further connections to system services, which are furnished by the creation of a large number of TCP connections with an affected system.

3. Two errors in the processing of SIP and SCCP packets can be exploited to the SIP port in the vicinity (5060/TCP and 5061/TCP) and SCCP port (2000/TCP and 2443/TCP) in the Flood affected system with a TCP packet.

Up to the date of this article, Cisco Systems does not have released a patch to circumvent this issue.

Note: Cisco Unified Communications Manager is an enterprise-class IP telephony call-processing system that provides traditional telephony features as well as advanced capabilities, such as mobility, presence, preference, and rich conferencing services.

A denial-of-service attack is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.

Cisco offers the ability to integrate Cisco Unified MeetingPlace voice conferencing with WebEx Meeting Center and WebEx Sales Center Web conferencing. For more info: www.cisco.com

Video Rating: 5 / 5

Learn More at All Conferencing, your home for web conferencing