Details of VAR-201308-0225

ID

VAR-201308-0225

CVE

CVE-2013-3460

TITLE

Cisco Unified Communications Manager Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-003869

DESCRIPTION

Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka Bug ID CSCub85597. Vendors have confirmed this vulnerability Bug ID CSCub85597 It is released as.High load by a third party UDP Service disruption via packets ( Stop service ) There is a possibility of being put into a state. A remote attacker may exploit this issue to cause denial-of-service conditions. This issue is tracked by Cisco Bug ID CSCub85597. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. The following releases are affected: Cisco Unified CM 8.5(x) prior to 8.5(1)su6, 8.6(x) prior to 8.6(2a)su3, 9.x prior to 9.1(1)

Trust: 2.07

sources: NVD: CVE-2013-3460 // JVNDB: JVNDB-2013-003869 // BID: 61909 // VULHUB: VHN-63462 // VULMON: CVE-2013-3460

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5	Trust: 1.9
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su3	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su5	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su4	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.0\(1\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6	Trust: 1.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(1a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1(1)	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6(5)be3k	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5(1)su6	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6(2a)su3	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	lt	version:	9.x	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	lt	version:	8.5(x)	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	lt	version:	8.6(x)	Trust: 0.8

sources: BID: 61909 // JVNDB: JVNDB-2013-003869 // CNNVD: CNNVD-201308-356 // NVD: CVE-2013-3460

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3460
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-3460
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201308-356
value:	HIGH
Trust: 0.6
VULHUB:	VHN-63462
value:	HIGH
Trust: 0.1
VULMON:	CVE-2013-3460
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-3460
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-63462
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63462 // VULMON: CVE-2013-3460 // JVNDB: JVNDB-2013-003869 // CNNVD: CNNVD-201308-356 // NVD: CVE-2013-3460

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-63462 // JVNDB: JVNDB-2013-003869 // NVD: CVE-2013-3460

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-356

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201308-356

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003869

PATCH

title:	cisco-sa-20130821-cucm	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm	Trust: 0.8
title:	30432	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30432	Trust: 0.8
title:	cisco-sa-20130821-cucm	url:	http://www.cisco.com/cisco/web/support/JP/111/1119/1119757_cisco-sa-20130821-cucm-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-003869

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3460	Trust: 2.9
db:	SECTRACK	id:	1028938	Trust: 1.2
db:	BID	id:	61909	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-003869	Trust: 0.8
db:	CNNVD	id:	CNNVD-201308-356	Trust: 0.7
db:	CISCO	id:	20130821 MULTIPLE VULNERABILITIES IN CISCO UNIFIED COMMUNICATIONS MANAGER	Trust: 0.6
db:	VULHUB	id:	VHN-63462	Trust: 0.1
db:	VULMON	id:	CVE-2013-3460	Trust: 0.1

sources: VULHUB: VHN-63462 // VULMON: CVE-2013-3460 // BID: 61909 // JVNDB: JVNDB-2013-003869 // CNNVD: CNNVD-201308-356 // NVD: CVE-2013-3460

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130821-cucm	Trust: 1.8
url:	http://www.securitytracker.com/id/1028938	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3460	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3460	Trust: 0.8
url:	http://www.securityfocus.com/bid/61909	Trust: 0.6
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps556/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/399.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=30432	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-63462 // VULMON: CVE-2013-3460 // BID: 61909 // JVNDB: JVNDB-2013-003869 // CNNVD: CNNVD-201308-356 // NVD: CVE-2013-3460

CREDITS

Cisco

Trust: 0.9

sources: BID: 61909 // CNNVD: CNNVD-201308-356

SOURCES

db:	VULHUB	id:	VHN-63462
db:	VULMON	id:	CVE-2013-3460
db:	BID	id:	61909
db:	JVNDB	id:	JVNDB-2013-003869
db:	CNNVD	id:	CNNVD-201308-356
db:	NVD	id:	CVE-2013-3460

LAST UPDATE DATE

2024-08-14T13:58:12.151000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63462	date:	2016-11-07T00:00:00
db:	VULMON	id:	CVE-2013-3460	date:	2016-11-07T00:00:00
db:	BID	id:	61909	date:	2013-08-21T00:00:00
db:	JVNDB	id:	JVNDB-2013-003869	date:	2013-08-27T00:00:00
db:	CNNVD	id:	CNNVD-201308-356	date:	2013-09-05T00:00:00
db:	NVD	id:	CVE-2013-3460	date:	2016-11-07T14:44:43.103

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63462	date:	2013-08-25T00:00:00
db:	VULMON	id:	CVE-2013-3460	date:	2013-08-25T00:00:00
db:	BID	id:	61909	date:	2013-08-21T00:00:00
db:	JVNDB	id:	JVNDB-2013-003869	date:	2013-08-27T00:00:00
db:	CNNVD	id:	CNNVD-201308-356	date:	2013-08-27T00:00:00
db:	NVD	id:	CVE-2013-3460	date:	2013-08-25T03:27:32.650