Nacionalni CERT

Vulnerability in the Cisco Unified Communications Manager product

<p>Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerability<br /><br />Advisory ID: cisco-sa-20170419-ucm<br /><br />Revision: 1.0<br /><br />For Public Release: 2017 April 19 16:00 GMT<br /><br />Last Updated: 2017 April 19 16:00 GMT<br /><br />CVE ID(s): CVE-2017-3808<br /><br />CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H<br /><br />+---------------------------------------------------------------------<br /><br />Summary<br />=======<br />A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.<br /><br />The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically.<br /><br />Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br /><br />This advisory is available at the following link:<br />https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...</p>
A vulnerability has been discovered in the SIP protocol processing functions of the Cisco Unified Communications Manager (Cisco Unified CM) product, caused by insufficient rate limiting protection. The vulnerability allows potential attackers to cause a DoS condition through an unexpected restart of the device and its services. Updating with the released patches is advised.
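The advisory ties the condition to a high rate of SIP messages over UDP. As an added example (not from Cisco or the original page), the sliding-window counter below flags sources whose SIP message rate exceeds a threshold in captured UDP records. The record format, the threshold and all addresses are assumptions constructed for illustration; this is a monitoring aid and not a workaround.

```python
import re
from collections import defaultdict, deque

# SIP start line: request ("REGISTER sip:host SIP/2.0") or
# response ("SIP/2.0 200 OK"), as defined in RFC 3261.
SIP_START = re.compile(rb"^(?:[A-Z]+ \S+ SIP/2\.0|SIP/2\.0 \d{3} )")

def flag_sip_floods(records, threshold, window=1.0):
    """Return {src_ip: peak_count} for sources that sent more than
    `threshold` SIP messages within any `window`-second span.

    records: iterable of (timestamp_seconds, src_ip, udp_payload_bytes),
    sorted by timestamp (hypothetical capture format).
    """
    recent = defaultdict(deque)   # src_ip -> timestamps inside the window
    peaks = {}
    for ts, src, payload in records:
        if not SIP_START.match(payload):
            continue              # not SIP: ignore other UDP traffic
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] >= window:
            q.popleft()           # drop messages older than the window
        if len(q) > threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

def sample_records():
    """Constructed sample: one normal endpoint, one high-rate source."""
    recs = []
    # 192.0.2.10: one REGISTER every 5 s (normal behaviour)
    for i in range(4):
        recs.append((i * 5.0, "192.0.2.10",
                     b"REGISTER sip:ucm.example.test SIP/2.0\r\n"))
    # 198.51.100.7: 300 SIP requests within 0.6 s, starting at t=2.0
    for i in range(300):
        recs.append((2.0 + i * 0.002, "198.51.100.7",
                     b"REGISTER sip:ucm.example.test SIP/2.0\r\n"))
    # Non-SIP UDP from the same source must not be counted
    recs.append((2.1, "198.51.100.7", b"\x00\x01binary"))
    # A single SIP response from another host
    recs.append((3.0, "192.0.2.20", b"SIP/2.0 200 OK\r\n"))
    return sorted(recs, key=lambda r: r[0])

if __name__ == "__main__":
    for src, peak in flag_sip_floods(sample_records(), threshold=100).items():
        print(f"{src}: peak {peak} SIP messages in 1 s")
```

The threshold has to be derived from the normal signalling load of the deployment; the value 100 used here is arbitrary.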