Cisco Unified Communications Manager Multiple DoS Vulnerabilities (cisco-sa-20130227-cucm)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.

Synopsis :

The remote host is affected by multiple denial of service

Description :

According to its self-reported version, the remote Cisco Unified
Communications Manager (CUCM) device is affected by one of the
following denial of service vulnerabilities :

- A flaw exists in the 8.6 branch due to improper
processing of malformed packets to unused UDP ports.
A remote, unauthenticated attacker can cause an
interruption of voice services and an inability to
access the system's Graphical User Interface (GUI).
(CVE-2013-1133 / CSCtx43337)

- A flaw exists in the 9.0 branch due to the lack of
authentication for Intracluster Location Bandwidth
Manager (LBM) communication. A remote, unauthenticated
attacker can poison LBM transaction records resulting in
the interruption of voice services. (CVE-2013-1134 /

See also :

Solution :

Upgrade to Cisco Unified Communications Manager 8.6(2a)su2 / 9.1(1) or

Risk factor :

High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.4
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 70127

Bugtraq ID: 58219

CVE ID: CVE-2013-1133