Cisco Unified Communications Manager Multiple DoS Vulnerabilities (cisco-sa-20130227-cucm)

high Nessus Plugin ID 70127

Synopsis

The remote host is affected by multiple denial of service vulnerabilities.

Description

According to its self-reported version, the remote Cisco Unified Communications Manager (CUCM) device is affected by one of the following denial of service vulnerabilities:

- A flaw exists in the 8.6 branch due to improper processing of malformed packets to unused UDP ports. A remote, unauthenticated attacker can cause an interruption of voice services and an inability to access the system's Graphical User Interface (GUI). (CVE-2013-1133 / CSCtx43337)

- A flaw exists in the 9.0 branch due to the lack of authentication for Intracluster Location Bandwidth Manager (LBM) communication. A remote, unauthenticated attacker can poison LBM transaction records, resulting in the interruption of voice services. (CVE-2013-1134 / CSCub28920)

Solution

Upgrade to Cisco Unified Communications Manager 8.6(2a)su2 / 9.1(1) or later.

See Also

http://www.nessus.org/u?d0a59d7d

Plugin Details

Severity: High

ID: 70127

File Name: cisco-sa-20130227-cucm.nasl

Version: 1.6

Type: combined

Family: CISCO

Published: 9/25/2013

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/a:cisco:unified_communications_manager

Required KB Items: Host/Cisco/CUCM/Version, Host/Cisco/CUCM/Version_Display

Exploit Ease: No known exploits are available

Patch Publication Date: 2/27/2013

Vulnerability Publication Date: 2/27/2013

Reference Information

CVE: CVE-2013-1133, CVE-2013-1134

BID: 58219, 58221