Cisco Unified Communications Manager Insufficient SIP Rate Limiting Lets Remote Users Cause the Target System to Reload
Severity Rating: High
- Cisco Unified Communications Manager releases prior to the first fixed release
A vulnerability has been identified in Cisco Unified Communications Manager that remote attackers can exploit to cause a denial of service condition. The vulnerability exists in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) and is caused by insufficient rate limiting protection. It can allow remote attackers to send the affected device a high rate of SIP messages. Successful exploitation can allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically.
Users are advised to apply updates.
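To spot the condition described above in captured traffic, the following added example (not part of the advisory and not Cisco tooling) counts SIP-over-UDP messages per source in a sliding window and reports sources above a threshold. The window, threshold, addresses, hostname and sample packets are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

# RFC 3261 start line: a request ("INVITE sip:... SIP/2.0")
# or a response ("SIP/2.0 200 OK").
SIP_START = re.compile(r"^(?:[A-Z]+ \S+ SIP/2\.0|SIP/2\.0 \d{3} .*)$")

def is_sip(payload: bytes) -> bool:
    """True if the UDP payload begins with a SIP request or status line."""
    first = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
    return bool(SIP_START.match(first))

def flag_sources(packets, window_ms=1000, max_msgs=50):
    """Return {source_ip: peak SIP messages in any window_ms interval}
    for sources whose peak exceeds max_msgs.

    packets: iterable of (timestamp_ms, source_ip, udp_payload), sorted by
    time. window_ms and max_msgs are illustrative assumptions, not values
    from the advisory; tune them to the normal load of the deployment.
    """
    recent = defaultdict(deque)  # source -> timestamps still inside the window
    peak = defaultdict(int)
    for ts, src, payload in packets:
        if not is_sip(payload):
            continue  # other UDP traffic is not counted
        q = recent[src]
        q.append(ts)
        while ts - q[0] >= window_ms:
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return {src: n for src, n in peak.items() if n > max_msgs}

def sample_packets():
    """Constructed capture: one endpoint at 2 msg/s, one source at 200 msg/s."""
    host = b"sip:cucm.example.invalid"  # constructed hostname
    options = b"OPTIONS " + host + b" SIP/2.0\r\nVia: SIP/2.0/UDP 198.51.100.7\r\n\r\n"
    register = b"REGISTER " + host + b" SIP/2.0\r\nVia: SIP/2.0/UDP 192.0.2.10\r\n\r\n"
    pkts = [(i * 5, "198.51.100.7", options) for i in range(400)]
    pkts += [(i * 500, "192.0.2.10", register) for i in range(4)]
    pkts.append((300, "192.0.2.10", b"\x00\x01not sip"))  # non-SIP payload
    return sorted(pkts, key=lambda p: p[0])

if __name__ == "__main__":
    for src, n in flag_sources(sample_packets()).items():
        print(f"{src}: peak {n} SIP messages per second")
```

Feeding it timestamps and payloads exported from a packet capture of the SIP UDP port gives a per-source baseline against which an abnormal message rate stands out.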
More information is available on:
Cisco Security Bulletin
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street