Information Security


DoS against Cisco Unified Communications Manager / Cisco Intercompany Media Engine / Cisco TelePresence Codecs
updated since August 30, 2011
Published: September 20, 2011
Source:
SecurityVulns ID: 11882
Type: remote
Severity level: 6/10
Description: Crash when parsing a Service Advertisement Framework (SAF) packet, crash when parsing SIP, DoS via connection flood.
Affected products: CISCO : Unified Communications Manager 6.1
 CISCO : Unified Communications Manager 7.0
 CISCO : Unified Communications Manager 8.5
 CISCO : Intercompany Media Engine 8.0
 CISCO : TelePresence C40
 CISCO : TelePresence C60
 CISCO : TelePresence C90
 CISCO : TelePresence E20
 CISCO : TelePresence EX60
 CISCO : TelePresence EX90
 CISCO : TelePresence 6000 MXP
 CISCO : TelePresence 9000 MXP
CVE:CVE-2011-2577 (Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061, aka Bug ID CSCtq46500.)
 CVE-2011-2564 (Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417.)
 CVE-2011-2563 (Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth26669.)
 CVE-2011-2562 (Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256.)
 CVE-2011-2561 (The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point (MTP), which allows remote attackers to cause a denial of service (service outage) via a crafted call, aka Bug ID CSCtc61990.)
 CVE-2011-2560 (The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by making many connections, aka Bug ID CSCtf97162.)
 CVE-2011-2544 (Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488.)
 CVE-2011-2543 (Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long location parameter to the getxml program, aka Bug ID CSCtq46496.)
Original text: lists_(at)_senseofsecurity.com, Cisco TelePresence Multiple Vulnerabilities - SOS-11-010 (20.09.2011)
 CISCO, Cisco Security Advisory: Denial of Service Vulnerability in Cisco TelePresence Codecs (05.09.2011)
 CISCO, Cisco Security Advisory: Denial of Service Vulnerabilities in Cisco Intercompany Media Engine (30.08.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod