Cisco Unified Communications Manager IM and Presence Server DoS (cisco-sa-20130821-cup)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a vendor-supplied security patch.

Description :

According to its self-reported version, the Cisco Unified
Communications Manager IM and Presence Server installed on the remote
host is affected by a denial of service vulnerability. An
unauthenticated, remote attacker could exploit this by creating a large
number of connections to the SIP ports (TCP 5060 and 5061) on the
device, resulting in excessive memory consumption. The device must be
restarted to recover from the denial of service condition.

See also :

http://www.nessus.org/u?50c9459e

Solution :

Upgrade to Cisco Unified Presence Server 8.6(5)SU1 / 9.1(2) or later.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 69553

Bugtraq ID: 61917

CVE ID: CVE-2013-3453