Cisco Unified Communications Manager CVE-2017-3808 Denial of Service Vulnerability

Description: The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically.
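The traffic pattern described above (a high rate of SIP messages sent over UDP to one device) can be looked for with a per-source sliding-window counter. The following is an added example, not code from Cisco or from the original page; the record format, the addresses, the one-second window and the 50-message threshold are all assumptions chosen for illustration and should be tuned against a site's normal SIP load.

```python
from collections import defaultdict, deque

SIP_METHODS = {"INVITE", "REGISTER", "OPTIONS", "ACK", "BYE", "CANCEL", "SUBSCRIBE",
               "NOTIFY", "MESSAGE", "INFO", "UPDATE", "PRACK", "REFER", "PUBLISH"}

def is_sip(first_line):
    """True if a UDP payload's first line looks like a SIP request or response."""
    parts = first_line.split()
    if not parts:
        return False
    if parts[0] == "SIP/2.0":                      # response: SIP/2.0 200 OK
        return True
    return parts[0] in SIP_METHODS and parts[-1] == "SIP/2.0"  # request line

def detect_sip_floods(records, window_s=1.0, max_msgs=50):
    """records: (timestamp, src_ip, first_line) tuples sorted by timestamp.
    Returns {src_ip: peak messages seen in any window} for sources over max_msgs.
    window_s and max_msgs are assumed values, not vendor guidance."""
    recent = defaultdict(deque)   # src_ip -> timestamps still inside the window
    peaks = {}
    for ts, src, first_line in records:
        if not is_sip(first_line):
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] >= window_s:               # expire entries older than the window
            q.popleft()
        if len(q) > max_msgs:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

def build_sample():
    """Constructed sample traffic (documentation address ranges, not real captures)."""
    recs = []
    # A phone re-registering at a normal pace: one message every 0.5 s.
    recs += [(i * 0.5, "192.0.2.10", "REGISTER sip:cucm.example SIP/2.0") for i in range(20)]
    # One source sending 200 SIP requests at 1 ms spacing.
    recs += [(10.0 + i * 0.001, "198.51.100.77", "OPTIONS sip:cucm.example SIP/2.0")
             for i in range(200)]
    # Non-SIP noise from the same source, which the detector must ignore.
    recs += [(10.05 + i * 0.01, "198.51.100.77", "GET / HTTP/1.1") for i in range(5)]
    return sorted(recs)

if __name__ == "__main__":
    for src, peak in detect_sip_floods(build_sample()).items():
        print(f"{src}: {peak} SIP messages within one window")
```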

Related CVE: CVE-2017-3808

Impact: A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The following versions are affected:

  • Cisco Unified Communications Manager 11.5(1.10000.6)
  • Cisco Unified Communications Manager 11.0(1.10000.10)
  • Cisco Unified Communications Manager 10.5(2.10000.5)

Mitigation: Cisco has released software updates that address this vulnerability.

Reference URLs:
