Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability (cisco-sa-20120926-cucm)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco Unified Communications Manager contains a vulnerability in its
Session Initiation Protocol (SIP) implementation that could allow an
unauthenticated, remote attacker to cause a critical service to fail,
which could interrupt voice services. Affected devices must be
configured to process SIP messages for this vulnerability to be
exploitable. Cisco has released free software updates that address
this vulnerability. A workaround exists for customers who do not
require SIP in their environment. This advisory is available at
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c
isco-sa-20120926-cucm.

See also :

http://www.nessus.org/u?77e859bb

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20120926-cucm.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 67203 ()

Bugtraq ID: 55697

CVE ID: CVE-2012-3949