Preview Tool

Cisco Bug: CSCus15592 - CUCM: rsyslog: Remote Syslog PRI Vulnerability

Last Modified

Aug 06, 2018

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases


Description (partial)

Cisco Unified Communications Manager (CallManager) includes a version of the remote syslog daemon (rsyslog)
that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE)

CVE-2014-3634: rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers
to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a
crafted priority (PRI) value that triggers an out-of-bounds array access. This has been classified by the
vendor as having a CVSSv2 score of 7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)

This bug was opened to address the potential impact on this product.

Running version of the software prior to the Known Fixed Releases
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.