The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco IP Communicator

vulnerability note CVE-2015-4240

Cisco IP Communicator: denial of service against the Web interface

Synthesis of the vulnerability

An attacker can request a special URL to the Web interface of Cisco IP Communicator, in order to trigger a denial of service.
Impacted products: Cisco IP Communicator.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: document.
Creation date: 08/07/2015.
Identifiers: 39623, CVE-2015-4240, VIGILANCE-VUL-17324.

Description of the vulnerability

The Cisco IP Communicator product offers a web service.

However, there is a class of URL which make the server crash when it attempts to serve them. One GET request is sufficient to kill the Web service.

An attacker can therefore request a special URL to the Web interface of Cisco IP Communicator, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2012-2490

Cisco IP Communicator: two vulnerabilities

Synthesis of the vulnerability

An attacker can use two vulnerabilities of Cisco IP Communicator, in order to deceive the victim or to obtain a password.
Impacted products: Cisco IP Communicator.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 07/08/2012.
Identifiers: 26606, BID-54850, CSCts16694, CSCtz01471, CVE-2012-2490, VIGILANCE-VUL-11829.

Description of the vulnerability

Two vulnerabilities were announced in Cisco IP Communicator.

Cisco IP Communicator does not check the list of trusted certificates. [severity:2/4; 26606, CSCtz01471, CVE-2012-2490]

The password of IP Phones is stored in clear text. [severity:1/4; CSCts16694]
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2012-0361

Cisco IP Communicator: denial of service via SCCP

Synthesis of the vulnerability

An attacker can use Cisco IP Communicator, to send SCCP (Skinny Call Control Protocol) messages, in order to create a denial of service.
Impacted products: Cisco IP Communicator.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 04/05/2012.
Identifiers: CSCti40315, CVE-2012-0361, VIGILANCE-VUL-11583.

Description of the vulnerability

An attacker can use Cisco IP Communicator, to send SCCP (Skinny Call Control Protocol) messages, in order to create a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Cisco IP Communicator: