Cisco Unified CallManager / Unified Presence Server multiple security vulnerabilities
Published:		28.03.2007
Source:		BUGTRAQ
SecurityVulns ID:		7485
Type:		remote
Level:		6/10
Description:		Denial of service with Skinny / SCCP protocol (TCP/2000, TCP/2443), ICMP echo requiests flood, IPSec (UDP/8500) parsing.

Affected:		CISCO : Unified CallManager 3.3
		CISCO : Unified CallManager 4.1
		CISCO : Unified CallManager 4.2
		CISCO : Unified CallManager 5.0
		CISCO : Unified Presence Server 1.0
CVE:		CVE-2007-1834 (Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allow remote attackers to cause a denial of service (loss of voice services) via a flood of ICMP echo requests, aka bug ID CSCsf12698.)
		CVE-2007-1833 (The Skinny Call Control Protocol (SCCP) implementation in Cisco Unified CallManager (CUCM) 3.3 before 3.3(5)SR2a, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0 before 5.0(4a)SU1 allows remote attackers to cause a denial of service (loss of voice services) by sending crafted packets to the (1) SCCP (2000/tcp) or (2) SCCPS (2443/tcp) port.)
		CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allows remote attackers to cause a denial of service (loss of cluster services) via a "specific UDP packet" to UDP port 8500, aka bug ID CSCsg60949.)

Original document

CISCO, [Full-disclosure] Cisco Security Advisory: Multiple Cisco Unified CallManager and Presence Server Denial of Service Vulnerabilities (28.03.2007)

Discuss:

Read or add your comments to this news (0 comments)