CERT-In Vulnerability Note CIVN-2010-54
Cisco Unified Communications Manager SCCP Packet Processing Denial of Service Vulnerability

Original Issue Date: March 09, 2010

Severity Rating: Medium

System Affected

The following Cisco Unified Communications Manager versions are vulnerable:

  • Versions prior to 6.1(5)
  • Versions prior to 7.1(3a)su1
  • Versions prior to 8.0(1)

Overview

A vulnerability has been reported in Cisco Unified Communications Manager that could allow a remote attacker to cause a denial of service (DoS) condition.

Description

The vulnerability exists because of errors in processing Skinny Client Control Protocol (SCCP) packets. A remote attacker could exploit the vulnerability by sending a malicious network packet to the targeted system. The software may accept SCCP packets via TCP and UDP ports in the 2000 to 2443 range. Processing the malicious network messages could cause application processes to terminate, resulting in a DoS condition.

Solution

Apply appropriate software fixes as mentioned in the Cisco Security Advisory.
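The following is an added example, not part of the CERT-In note or of any Cisco tool: it checks Cisco Unified Communications Manager version strings from an inventory against the releases in the System Affected list to find hosts that still need the fix. It assumes each listed release is the first fixed one in its own major train, and the host names and versions in the sample inventory are constructed.

```python
import re

# Releases from the "System Affected" list, keyed by major release train.
# Assumption: each one is the first fixed release in its own train.
FIXED = {6: "6.1(5)", 7: "7.1(3a)su1", 8: "8.0(1)"}

# Matches strings such as 6.1(5), 7.1(3a) and 7.1(3a)su1.
_VERSION = re.compile(r"^(\d+)\.(\d+)\((\d+)([a-z]?)\)(?:su(\d+))?$", re.IGNORECASE)


def parse(version):
    """Turn '7.1(3a)su1' into a sortable tuple (7, 1, 3, 'a', 1)."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, maint, letter, su = m.groups()
    return (int(major), int(minor), int(maint), letter.lower(), int(su or 0))


def is_affected(version):
    """True if the version is prior to the fixed release for its train."""
    v = parse(version)
    major = v[0]
    if major < min(FIXED):
        return True   # literal reading of "Versions prior to 6.1(5)"
    if major > max(FIXED):
        return False  # later than 8.0(1)
    return v < parse(FIXED[major])


def audit(inventory):
    """Return the sorted host names whose version is affected."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory (host name -> reported version).
INVENTORY = {
    "cucm-pub-01": "6.1(4)",
    "cucm-sub-01": "7.1(3a)",
    "cucm-sub-02": "7.1(3a)su1",
    "cucm-lab-01": "8.0(1)",
}

if __name__ == "__main__":
    for host in audit(INVENTORY):
        print(f"{host}: {INVENTORY[host]} is prior to the fixed release, upgrade required")
```

The vendor advisory remains the authority on which release fixes which train; adjust `FIXED` if it differs from the assumption above.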

Vendor Information

CISCO
http://www.cisco.com/warp/public/707/cisco-sa-20100303-cucm.shtml

References

CISCO
http://www.cisco.com/warp/public/707/cisco-sa-20100303-cucm.shtml
http://tools.cisco.com/security/center/viewAlert.x?alertId=20000

VUPEN
http://www.vupen.com/english/advisories/2010/0530

SecurityTracker
http://securitytracker.com/alerts/2010/Mar/1023670.html

CVE Name
CVE-2010-0588

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003