Details of VAR-201308-0226

ID

VAR-201308-0226

CVE

CVE-2013-3461

TITLE

Cisco Unified Communications Manager Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-003870

DESCRIPTION

Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869. Cisco Unified Communications Manager is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial of service condition. This issue is being tracked by Cisco Bug ID CSCub35869. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. The following versions are affected: Cisco Unified CM 8.5(x) and 8.6(2a) su3 prior to 8.6(x), 9.x prior to 9.1(1)

Trust: 1.98

sources: NVD: CVE-2013-3461 // JVNDB: JVNDB-2013-003870 // BID: 61908 // VULHUB: VHN-63463

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5	Trust: 1.9
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su3	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su4	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.0\(1\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6	Trust: 1.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(1a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su5	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1(1)	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6(2a)su3	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6(5)be3k	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5(x)	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	lt	version:	9.x	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	lt	version:	8.6(x)	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6.3	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.6 su1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.5 su2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.5 su1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5(1)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0(1)	Trust: 0.3

sources: BID: 61908 // JVNDB: JVNDB-2013-003870 // CNNVD: CNNVD-201308-355 // NVD: CVE-2013-3461

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3461
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-3461
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201308-355
value:	HIGH
Trust: 0.6
VULHUB:	VHN-63463
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-3461
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-63463
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63463 // JVNDB: JVNDB-2013-003870 // CNNVD: CNNVD-201308-355 // NVD: CVE-2013-3461

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-63463 // JVNDB: JVNDB-2013-003870 // NVD: CVE-2013-3461

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-355

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201308-355

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003870

PATCH

title:	cisco-sa-20130821-cucm	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm	Trust: 0.8
title:	30433	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30433	Trust: 0.8
title:	cisco-sa-20130821-cucm	url:	http://www.cisco.com/cisco/web/support/JP/111/1119/1119757_cisco-sa-20130821-cucm-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-003870

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3461	Trust: 2.8
db:	SECTRACK	id:	1028938	Trust: 1.1
db:	BID	id:	61908	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-003870	Trust: 0.8
db:	CNNVD	id:	CNNVD-201308-355	Trust: 0.7
db:	CISCO	id:	20130821 MULTIPLE VULNERABILITIES IN CISCO UNIFIED COMMUNICATIONS MANAGER	Trust: 0.6
db:	VULHUB	id:	VHN-63463	Trust: 0.1

sources: VULHUB: VHN-63463 // BID: 61908 // JVNDB: JVNDB-2013-003870 // CNNVD: CNNVD-201308-355 // NVD: CVE-2013-3461

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130821-cucm	Trust: 1.7
url:	http://www.securitytracker.com/id/1028938	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3461	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3461	Trust: 0.8
url:	http://www.securityfocus.com/bid/61908	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html	Trust: 0.3

sources: VULHUB: VHN-63463 // BID: 61908 // JVNDB: JVNDB-2013-003870 // CNNVD: CNNVD-201308-355 // NVD: CVE-2013-3461

CREDITS

Cisco

Trust: 0.9

sources: BID: 61908 // CNNVD: CNNVD-201308-355

SOURCES

db:	VULHUB	id:	VHN-63463
db:	BID	id:	61908
db:	JVNDB	id:	JVNDB-2013-003870
db:	CNNVD	id:	CNNVD-201308-355
db:	NVD	id:	CVE-2013-3461

LAST UPDATE DATE

2024-08-14T13:58:12.251000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63463	date:	2016-11-07T00:00:00
db:	BID	id:	61908	date:	2013-08-21T00:00:00
db:	JVNDB	id:	JVNDB-2013-003870	date:	2013-08-27T00:00:00
db:	CNNVD	id:	CNNVD-201308-355	date:	2013-08-27T00:00:00
db:	NVD	id:	CVE-2013-3461	date:	2016-11-07T14:47:26.060

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63463	date:	2013-08-25T00:00:00
db:	BID	id:	61908	date:	2013-08-21T00:00:00
db:	JVNDB	id:	JVNDB-2013-003870	date:	2013-08-27T00:00:00
db:	CNNVD	id:	CNNVD-201308-355	date:	2013-08-27T00:00:00
db:	NVD	id:	CVE-2013-3461	date:	2013-08-25T03:27:32.673