CVE-2013-3461

Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm	Vendor Advisory
http://www.securitytracker.com/id/1028938	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:unified_communications_manager:9.0\(1\):*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:cisco:unified_communications_manager:8.5:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su3:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su4:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su5:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:cisco:unified_communications_manager:8.6:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.6\(1\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.6\(1a\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.6\(2\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.6\(2a\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.6\(2a\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.6\(2a\)su2:::::::*

History

No history.

Information

Published : 2013-08-25 03:27

Updated : 2023-12-10 11:16

NVD link : CVE-2013-3461

Mitre link : CVE-2013-3461

CVE.ORG link : CVE-2013-3461

JSON object : View

Products Affected

cisco

unified_communications_manager

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2013-3461", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-08-25T03:27:32.673", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1028938", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869."}, {"lang": "es", "value": "Cisco Unified Communications Manager (Unified CM) v8.5(x) y v8.6(x) anterior a v8.6(2a)su3 y v9.x anterior a v9.1(1) no restringe adecuadamente el \u00edndice de paquetes SIP, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria y CPU, y la interrupci\u00f3n del servicio) a trav\u00e9s de un flujo de paquetes UDP al puerto 5060, tambi\u00e9n conocido como Bug ID CSCub35869."}], "lastModified": "2016-11-07T14:47:26.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager:9.0\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7285C0D-5337-49D0-A6EE-2385A7B4F510"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E1FA195-A711-4861-9B3D-A36D55C0F49D"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F252947A-82FE-4133-AA4F-E17758D7ECF7"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F61E277B-475A-40EC-8A67-CE2A17C94185"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D289E6D8-EA6A-4487-9513-6CCEE3740EA2"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FAA377E-3C37-4E9D-97E7-FDC162CF8FC6"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCEDD1A3-9658-48AF-A59E-A9BE7FA17E13"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06098E0B-20F8-4FCC-A384-01EA108F4549"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCF00D65-DE88-4287-82CB-552AB68AFE25"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47E28290-C7A9-4DF4-9918-6FDF5DC2B3A8"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8B5A9DD-C259-463C-A6A5-51D3E8DD4F58"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B04ECEA-E097-4069-B6AC-74D477F03BF3"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5CCD3E6-6031-437E-862B-470E39FAF67D"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31C31335-8001-4C83-A04B-6562CB39E3EC"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70757AD4-8F55-4C8B-886B-1D2E41670407"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}