Cisco Unity Connection Remote Denial of Service (cisco-sa-20120229-cuc)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The version of Cisco Unity Connection on the remote host is affected by
a denial of service vulnerability.

Description :

Cisco Unity Connection before 7.1.5b(Su5), 8.0, 8.5 before 8.5.1(Su3),
and 8.6 before 8.6.2 allows remote attackers to cause a denial of
service (services crash) via a series of crafted TCP segments, aka Bug
ID CSCtq67899.

See also :

http://www.nessus.org/u?2a75dad4

Solution :

Upgrade to Cisco Unity Connection 8.6.2 or later.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 70198 ()

Bugtraq ID: 52217

CVE ID: CVE-2012-0367