Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)


Cisco Unified Communications Manager Insufficient SIP Rate Limiting Lets Remote Users Cause the Target System to Reload
Severity Rating: High
Systems Affected:
  • Cisco Unified Communications Manager releases prior to the first fixed release
A vulnerability has been identified in Cisco Unified Communications Manager and can be exploited by remote attackers to cause a denial of service condition. The vulnerability exists in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) and is caused due to insufficient rate limiting protection. This vulnerability can allow remote attackers to send the affected device a high rate of SIP messages. Successful exploitation can allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically.
Users are advised to apply updates.
More information is available on:
CVE Information
Vendor Information
Security Tracker
Cisco Security Bulletin
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis