Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability (cisco-sa-20120926-cucm)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.

Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco Unified Communications Manager contains a vulnerability in its
Session Initiation Protocol (SIP) implementation that could allow an
unauthenticated, remote attacker to cause a critical service to fail,
which could interrupt voice services. Affected devices must be
configured to process SIP messages for this vulnerability to be
exploitable. Cisco has released free software updates that address
this vulnerability. A workaround exists for customers who do not
require SIP in their environment. This advisory is available at

See also :

Solution :

Apply the relevant patch referenced in Cisco Security Advisory

Risk factor :

High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.4
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 67203 ()

Bugtraq ID: 55697

CVE ID: CVE-2012-3949

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now