Cisco Unified Communications Manager CVE-2017-3808 Denial of Service Vulnerability

by CIRT Team

Description: The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically.

Related CVE: CVE-2017-3808

Impact:  A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Following versions are affected:

• Cisco Unified Communications Manager 11.5(1.10000.6)
• Cisco Unified Communications Manager 11.0(1.10000.10)
• Cisco Unified Communications Manager 10.5(2.10000.5)

Mitigation: Cisco has released software updates that addresses this vulnerability.

Reference URL’s:

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm
• http://www.securityfocus.com/bid/97922

CIRT Team

Recommended Posts

Active Exploitation of Critical F5 BIG – IP Vulnerability (CVE–2023-46747) Uncovered in Bangladesh

06 Nov 2024 - Security Advisories & Alerts

Emerging Threat_Stealer Malware (Lumma C2) Campaign with fake CAPTCHA pages

08 Oct 2024 - Security Advisories & Alerts

Detection of Fog Ransomware Footprint in Cyber Space of Bangladesh

12 Sep 2024 - Security Advisories & Alerts