The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco Unified CallManager

vulnerability CVE-2011-2560 CVE-2011-2561 CVE-2011-2562

Cisco Unified Communications Manager: five denial of service

Synthesis of the vulnerability

A remote attacker can use five vulnerabilities of Cisco Unified Communications Manager, in order to create a denial of service.
Impacted products: Cisco CallManager, Cisco CUCM.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 25/08/2011.
Identifiers: 113127, 113136, 113199, BID-49300, BID-49302, CERTA-2011-AVI-477, CERTA-2011-AVI-478, cisco-amb-20110824-cucm-ime, cisco-sa-20110824-cucm, cisco-sa-20110824-ime, CSCtc61990, CSCtf97162, CSCth19417, CSCth26669, CSCth43256, CVE-2011-2560, CVE-2011-2561, CVE-2011-2562, CVE-2011-2563, CVE-2011-2564, VIGILANCE-VUL-10950.

Description of the vulnerability

Five vulnerabilities were announced in Cisco Unified Communications Manager.

The Packet Capture Service of Cisco Unified Communications Manager version 4 does not close idle connections. An attacker can therefore open several TCP sessions, in order to create a denial of service. [severity:3/4; CERTA-2011-AVI-478, CSCtf97162, CVE-2011-2560]

When the MTP (Media Termination Point) of Cisco Unified Communications Manager version 7 is configured with the codec g729ar8, an attacker can send a SIP packet with SDP (Session Description Protocol) data using this codec, in order to stop the service. [severity:3/4; CSCtc61990, CVE-2011-2561]

An attacker can send a malicious SIP packet, in order to stop the service. [severity:3/4; CSCth43256, CVE-2011-2562]

An attacker can send malicious SAF (Service Advertisement Framework) packets, in order to reload the service of Cisco Unified Communications Manager version 8 and Cisco Intercompany Media Engine. [severity:2/4; 113136, BID-49300, CERTA-2011-AVI-477, cisco-sa-20110824-ime, CSCth26669, CVE-2011-2563]

An attacker can send malicious SAF (Service Advertisement Framework) packets, in order to reload the service of Cisco Unified Communications Manager version 8 and Cisco Intercompany Media Engine. [severity:2/4; 113136, BID-49300, cisco-sa-20110824-ime, CSCth19417, CVE-2011-2564]

vulnerability alert CVE-2010-0587 CVE-2010-0588 CVE-2010-0590

Cisco Unified Communications Manager: denials of service

Synthesis of the vulnerability

An attacker can use SCCP, SIP or CTI messages, in order to generate denials of service on Cisco Unified Communications Manager.
Impacted products: Cisco CallManager, Cisco CUCM.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 03/03/2010.
Identifiers: 111579, 111803, BID-38495, BID-38496, BID-38497, BID-38498, BID-38501, CERTA-2010-AVI-103, cisco-amb-20100303-cucm, cisco-sa-20100303-cucm, CSCsu31800, CSCtc37188, CSCtc38985, CSCtc47823, CSCtc62362, CVE-2010-0587, CVE-2010-0588, CVE-2010-0590, CVE-2010-0591, CVE-2010-0592, VIGILANCE-VUL-9491.

Description of the vulnerability

Five denials of service were announced in Cisco Unified Communications Manager.

An attacker can send an SCCP (Skinny Client Control Protocol) StationCapabilitiesRes message with a large MaxCap field, in order to stop a process, which leads to a denial of service. [severity:2/4; BID-38496, CERTA-2010-AVI-103, CSCtc38985, CVE-2010-0587]

An attacker can send a malformed SCCP (Skinny Client Control Protocol) RegAvailableLines/FwdStatReq message, in order to stop a process, which leads to a denial of service. [severity:2/4; BID-38501, CSCtc47823, CVE-2010-0588]

An attacker can send a malformed SIP REGISTER message, in order to stop a process, which leads to a denial of service. [severity:2/4; BID-38495, CSCtc37188, CVE-2010-0590]

An attacker can send a SIP REGISTER message with a malformed phone URL, in order to stop a process, which leads to a denial of service. [severity:2/4; BID-38498, CSCtc62362, CVE-2010-0591]

An attacker can send a malformed CTI (Computer Telephony Integration) message to port 2748/tcp, in order to stop CTI Manager. [severity:2/4; BID-38497, CSCsu31800, CVE-2010-0592]

computer vulnerability announce CVE-2010-0146 CVE-2010-0147 CVE-2010-0148

Cisco Security Agent: three vulnerabilities

Synthesis of the vulnerability

An attacker can use three vulnerabilities of Cisco Security Agent, in order to access files, inject SQL, or create a denial of service.
Impacted products: Secure ACS, Cisco CallManager, Cisco MeetingPlace, Cisco Unity ~ precise.
Severity: 3/4.
Consequences: data reading, data creation/edition, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 17/02/2010.
Identifiers: 111512, 111742, BID-38271, BID-38272, BID-38273, CERTA-2010-AVI-086, cisco-sa-20100217-csa, CSCtb89870, CSCtd73275, CSCtd73290, CVE-2010-0146, CVE-2010-0147, CVE-2010-0148, VIGILANCE-VUL-9457.

Description of the vulnerability

Three vulnerabilities were announced in Cisco Security Agent, which can be installed with several Cisco products.

When a server uses the Management Center of Cisco Security Agent version 6.0, an attacker can use a query traversing the root directory, in order to access a file located on the system. [severity:3/4; BID-38271, CERTA-2010-AVI-086, CSCtd73275, CVE-2010-0146]

When a server uses the Management Center of Cisco Security Agent version 5.1, 5.2 or 6.0, an attacker can use a SQL injection, in order to alter data. [severity:3/4; BID-38272, CSCtd73290, CVE-2010-0147]

When a server uses Cisco Security Agent 5.2, an attacker can generate a denial of service. [severity:2/4; BID-38273, CSCtb89870, CVE-2010-0148]

vulnerability alert CVE-2009-3555

TLS, OpenSSL, GnuTLS: vulnerability of the renegotiation

Synthesis of the vulnerability

A remote attacker can use a vulnerability of TLS in order to insert plaintext data during a renegotiation via a man-in-the-middle attack.
Impacted products: Apache httpd, ArubaOS, BES, ProxySG by Blue Coat, SGOS by Blue Coat, Cisco ASR, ASA, AsyncOS, Cisco Catalyst, CiscoWorks, Cisco CSS, IOS by Cisco, IOS XR Cisco, IronPort Email, IronPort Management, Cisco Router, Secure ACS, Cisco CallManager, Cisco CUCM, Cisco IP Phone, WebNS, XenApp, XenDesktop, XenServer, Debian, BIG-IP Hardware, TMOS, Fedora, FortiOS, FreeBSD, HP-UX, AIX, WebSphere AS Traditional, IVE OS, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, Juniper SA, Juniper SBR, Mandriva Linux, Mandriva NF, IIS, Windows 2000, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Vista, Windows XP, NSS, NetBSD, NetScreen Firewall, ScreenOS, NLD, OES, OpenBSD, OpenSolaris, OpenSSL, openSUSE, Oracle Directory Server, Oracle GlassFish Server, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Solaris, Trusted Solaris, ProFTPD, SSL protocol, RHEL, Slackware, Sun AS, SUSE Linux Enterprise Desktop, SLES, TurboLinux, Unix (platform) ~ not comprehensive, ESX.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: internet client.
Creation date: 10/11/2009.
Identifiers: 1021653, 111046, 273029, 273350, 274990, 6898371, 6898539, 6898546, 6899486, 6899619, 6900117, 977377, AID-020810, BID-36935, c01945686, c01963123, c02079216, CERTA-2011-ALE-005, CERTFR-2017-AVI-392, CERTFR-2019-AVI-325, cisco-sa-20091109-tls, CTX123248, CTX123359, CVE-2009-3555, DSA-1934-1, DSA-2141-1, DSA-2141-2, DSA-2141-4, DSA-2626-1, DSA-3253-1, FEDORA-2009-12229, FEDORA-2009-12305, FEDORA-2009-12606, FEDORA-2009-12750, FEDORA-2009-12775, FEDORA-2009-12782, FEDORA-2009-12968, FEDORA-2009-13236, FEDORA-2009-13250, FEDORA-2010-1127, FEDORA-2010-3905, FEDORA-2010-3929, FEDORA-2010-3956, FEDORA-2010-5357, FEDORA-2010-8742, FEDORA-2010-9487, FEDORA-2010-9518, FG-IR-17-137, FreeBSD-SA-09:15.ssl, HPSBUX02482, HPSBUX02498, HPSBUX02517, JSA10939, KB25966, MDVSA-2009:295, MDVSA-2009:323, MDVSA-2009:337, MDVSA-2010:069, MDVSA-2010:076, MDVSA-2010:076-1, MDVSA-2010:089, MDVSA-2013:019, NetBSD-SA2010-002, openSUSE-SU-2010:1025-1, openSUSE-SU-2010:1025-2, openSUSE-SU-2011:0845-1, PM04482, PM04483, PM04534, PM04544, PM06400, PSN-2011-06-290, PSN-2012-11-767, RHSA-2009:1579-02, RHSA-2009:1580-02, RHSA-2010:0011-01, RHSA-2010:0119-01, RHSA-2010:0130-01, RHSA-2010:0155-01, RHSA-2010:0162-01, RHSA-2010:0163-01, RHSA-2010:0164-01, RHSA-2010:0165-01, RHSA-2010:0166-01, RHSA-2010:0167-01, SOL10737, SSA:2009-320-01, SSA:2010-067-01, SSRT090249, SSRT090264, SSRT100058, SUSE-SA:2009:057, SUSE-SA:2010:020, SUSE-SR:2010:008, SUSE-SR:2010:012, SUSE-SR:2011:008, SUSE-SU-2011:0847-1, TLSA-2009-30, TLSA-2009-32, VIGILANCE-VUL-9181, VMSA-2010-0015, VMSA-2010-0015.1, VMSA-2010-0019, VMSA-2010-0019.1, VMSA-2010-0019.2, VMSA-2010-0019.3, VU#120541.

Description of the vulnerability

Transport Layer Security (TLS) is a cryptographic protocol for network transport.

When opening a connection using TLS, a negotiation mechanism allows the client and server to agree on the encryption algorithm to use.

The protocol allows for renegotiation at any time during the connection. However, the handling of those renegotiations has a vulnerability.

A remote attacker can therefore exploit this vulnerability in order to insert plaintext data via a man-in-the-middle attack.

computer vulnerability bulletin CVE-2009-2050 CVE-2009-2051 CVE-2009-2052

Cisco Unified Communications Manager: denials of service

Synthesis of the vulnerability

An attacker can use five vulnerabilities of Cisco Unified Communications Manager, in order to generate a denial of service.
Impacted products: Cisco CallManager, Cisco CUCM.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 26/08/2009.
Identifiers: 110580, 110849, BID-36152, CERTA-2009-AVI-357, cisco-sa-20090826-cucm, CSCsi46466, CSCsq22534, CSCsx23689, CSCsx32236, CSCsz40392, CVE-2009-2050, CVE-2009-2051, CVE-2009-2052, CVE-2009-2053, CVE-2009-2054, VIGILANCE-VUL-8978.

Description of the vulnerability

An attacker can use five vulnerabilities of Cisco Unified Communications Manager, in order to generate a denial of service.

An attacker can use a SIP packet with a malformed header, in order to stop the service. [severity:3/4; CERTA-2009-AVI-357, CSCsi46466, CVE-2009-2050]

An attacker can use a malformed SIP INVITE packet, in order to stop the service. [severity:3/4; CSCsz40392, CVE-2009-2051]

An attacker can use several TCP sessions, in order to fill the firewall session table. [severity:2/4; CSCsq22534, CVE-2009-2052]

An attacker can use several SCCP sessions, in order to use all available file descriptors. [severity:2/4; CSCsx32236, CVE-2009-2053]

An attacker can use several SIP sessions, in order to use all available file descriptors. [severity:2/4; CSCsx23689, CVE-2009-2054]

vulnerability announce CVE-2009-0632

Cisco Unified Communications Manager: obtaining the password

Synthesis of the vulnerability

A privileged password is sent in cleartext by Cisco Unified Communications Manager.
Impacted products: Cisco CallManager, Cisco CUCM.
Severity: 3/4.
Consequences: privileged access/rights.
Provenance: intranet client.
Creation date: 11/03/2009.
Identifiers: 109351, 109446, BID-34082, CERTA-2009-AVI-095, cisco-amb-20090311-cucmpab, cisco-sa-20090311-cucmpab, CSCso76587, CSCso78528, CVE-2009-0632, VIGILANCE-VUL-8532.

Description of the vulnerability

The Cisco Unified Communications Manager product can be used by a client to synchronize his address book, via the IP Phone PAB Synchronizer (Personal Address Book) feature, which listens on ports 8404/tcp and 8405/tcp.

When the client connects to Cisco Unified Communications Manager, the LDAPDetails.asp script sends the LDAP directory password to the client. The client can then connect to the directory to change his information.

However, this password is privileged, and is sent in cleartext.

An attacker can therefore capture this password in order to modify the directory contents.