Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2023-06444

Опубликовано: 27 окт. 2022
Источник: fstec
CVSS3: 8.6
CVSS2: 7.8
EPSS Низкий

Описание

Уязвимость систем обработки вызовов Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME) и Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) связана с недостаточной проверкой поступающих запросов при обработке конечных точек. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании путем отправки специально созданных HTTP-запросов

Вендор

Cisco Systems Inc.

Наименование ПО

Cisco Emergency Responder
Unity Connection
Cisco Prime Collaboration Deployment
Cisco Unified Communications Manager
Unified Communications Manager IM and Presence Service
Cisco Unified Communications Manager SME

Версия ПО

14SU3 (Cisco Emergency Responder)
14SU3 (Unity Connection)
14SU3 (Cisco Prime Collaboration Deployment)
14SU3 (Cisco Unified Communications Manager)
12.5(1)SU7 (Cisco Unified Communications Manager)
12.5(1)SU7 (Unified Communications Manager IM and Presence Service)
14SU3 (Unified Communications Manager IM and Presence Service)
14SU3 (Cisco Unified Communications Manager SME)
12.5(1)SU7 (Cisco Unified Communications Manager SME)

Тип ПО

Сетевое программное средство
Прикладное ПО информационных систем
ПО сетевого программно-аппаратного средства

Операционные системы и аппаратные платформы

-

Уровень опасности уязвимости

Высокий уровень опасности (базовая оценка CVSS 2.0 составляет 7,8)
Высокий уровень опасности (базовая оценка CVSS 3.0 составляет 8,6)

Возможные меры по устранению уязвимости

Использование рекомендаций:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-apidos-PGsDcdNF

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 35%
0.00143
Низкий

8.6 High

CVSS3

7.8 High

CVSS2

Связанные уязвимости

nvd логотип

CVE-2023-20259

CVSS3: 8.6
nvd
больше 2 лет назад

A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device. This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention.

github логотип

GHSA-x67r-8jfc-3r5m

CVSS3: 8.6
github
больше 2 лет назад

A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device. This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention.

EPSS

Процентиль: 35%
0.00143
Низкий

8.6 High

CVSS3

7.8 High

CVSS2