Unified Communications Manager contains two DoS vulnerabilities involving evil SIP packets.
(Posted by Cisco Subnet editor Julie Bort while Jim Duffy is on vacation.) Cisco today issued a software patch for its Unified Communications Manager which contains two DoS vulnerabilities that involve the processing of SIP packets. Each vulnerability is triggered by a malformed SIP message that could cause a critical process to fail, resulting in the disruption of voice services. All SIP ports (TCP 5060 and 5061, UDP 5060 and 5061) are affected by these vulnerabilities. The vulnerabilities were discovered by Cisco and the company says it has not seen any attacks in the wild.
The following products are affected:
Cisco Unified Communications Manager 4.x
Cisco Unified Communications Manager 5.x
Cisco Unified Communications Manager 6.x
- Cisco Unified Communications Manager 7.x
If you are running UCM 5.1 (3g), a patch will be available in early September 2009.
More from Cisco Subnet:
Win great stuff from Cisco SubnetCisco Alert newsletter. Like RSS readers? Subscribe to the Cisco Subnet RSS feedFollow Cisco Subnet on Twitter.
- Juniper’s enterprise attack is making progress
- 100G Ethernet races to market
- Are HP, 3Com a better value than Cisco?
- When the compliance officer comes calling … hide the VMotion
- New features can open up Cisco IOS to hackers
- It’s Really Only Partly Cloudy Out There
- One Cool ISO: Fully Automated Nagios
- Video rental records more private than cloud data
Like e-mail? Subscribe to the




