Cisco Unified Communications Manager CVE-2017-3808 Denial of Service Vulnerability
by CIRT Team
Description: The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically.
Related CVE: CVE-2017-3808
Impact: A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Following versions are affected:
- Cisco Unified Communications Manager 11.5(1.10000.6)
- Cisco Unified Communications Manager 11.0(1.10000.10)
- Cisco Unified Communications Manager 10.5(2.10000.5)
Mitigation: Cisco has released software updates that addresses this vulnerability.
Reference URL’s:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm
- http://www.securityfocus.com/bid/97922
Recommended Posts
Emerging Threat_Stealer Malware (Lumma C2) Campaign with fake CAPTCHA pages
08 Oct 2024 - Security Advisories & Alerts