Cisco Unified Communications Manager 8.6(x) < 8.6(2a)su2 / 9.x < 9.1(1) Multiple DoS (cisco-sa-20130227-cucm)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple denial of service
vulnerabilities.

Description :

According to its version number, the version of Cisco Unified
Communications Manager installed on the remote host is affected by two
denial of service (DoS) vulnerabilities. The vulnerabilities result
from Intracluster Location Bandwidth Manager (LBM) communications not
requiring authentication and from incorrect handling of malformed UDP
packets received on unused ports.

These vulnerabilities could allow a remote, unauthenticated attacker
to cause an interruption of voice services and an inability to access
the system's Graphical User Interface (GUI).

See also :

http://www.nessus.org/u?d67c6687

Solution :

Upgrade to Cisco Unified Communications Manager 8.6(2a)su2 / 9.1(1) or
later.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 70127

Bugtraq ID: 58219
58221

CVE ID: CVE-2013-1133
CVE-2013-1134