Multiple vulnerabilities have been identified in Cisco Unified Communications Manager, which could be exploited by remote attackers to cause a denial of service. These issues are caused by errors when processing malformed Session Initiation Protocol (SIP), Skinny Client Control Protocol (SCCP) or Computer Telephony Integration (CTI) messages, which could be exploited to cause an interruption of voice services or CTI applications, creating a denial of service condition.

Affected Products

Cisco Unified Communications Manager versions 4.x
Cisco Unified Communications Manager versions 5.x
Cisco Unified Communications Manager versions 6.x
Cisco Unified Communications Manager versions 7.x

Solution

Cisco Unified Communications Manager versions 4.x - Upgrade to version 4.3(2)SR2

Cisco Unified Communications Manager versions 5.x - version 5.1 has reached the End of Software Maintenance on February 13, 2010.

Cisco Unified Communications Manager versions 6.x - Upgrade to version 6.1(5)

Cisco Unified Communications Manager versions 7.x - Upgrade to version 7.1(3b)SU2

Cisco Unified Communications Manager versions 8.x - Upgrade to version 8.0(1)

References

http://www.vupen.com/english/advisories/2010/0530
http://www.cisco.com/warp/public/707/cisco-sa-20100303-cucm.shtml

Credits

Vulnerabilities reported by Sipera VIPER Lab and the vendor.

Changelog

2010-03-04 : Initial release

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.