Signature Detail
Short Name |
VOIP:CISCO-UCM-OF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
VOIP |
Keywords |
Cisco Unified Communications Manager CTL Provider Heap Overflow |
Release Date |
2010/09/28 |
Update Number |
1780 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
VOIP: Cisco Unified Communications Manager CTL Provider Heap Overflow
This signature detects attempts to exploit a known vulnerability against Cisco Unified Communications Manager. A successful attack can lead to arbitrary code execution.
Extended Description
Cisco Unified Communications Manager (formerly known as CallManager) Certificate Trust List (CTL) Provider is prone to a heap-based buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code or to cause denial-of-service conditions. This issue affects the following versions: Unified CallManager 4.0 and 4.1 prior to 4.1(3)SR5c Unified Communications Manager 4.2 prior to 4.2(3)SR3 Unified Communications Manager 4.3 prior to 4.3(1)SR1
Affected Products
- Cisco Unified CallManager 4.0
- Cisco Unified CallManager 4.1
- Cisco Unified CallManager 4.1(3)SR4
- Cisco Unified CallManager 4.1(3)Sr5
- Cisco Unified CallManager 4.1 (3)Sr5b
- Cisco Unified Communications Manager 4.2(3)Sr2
- Cisco Unified Communications Manager 4.2 (3)Sr2b
- Cisco Unified Communications Manager 4.3
References
- BugTraq: 27313
- CVE: CVE-2008-0027