Cisco Bug: CSCus15592 - CUCM: rsyslog: Remote Syslog PRI Vulnerability

Last Modified

Aug 06, 2018

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

10.5(1.98000.400)

Description (partial)

Symptom:
Cisco Unified Communications Manager (CallManager) includes a version of the remote syslog daemon (rsyslog)
that is affected by the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE)
IDs:

CVE-2014-3634: rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers
to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a
crafted priority (PRI) value that triggers an out-of-bounds array access. This has been classified by the
vendor as having a CVSSv2 score of 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P).
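
The bug class described above comes from using the PRI value of a received message as a table index without checking its range. The following is an added example, not code from rsyslog or from Cisco: a PRI parser that rejects out-of-range values before any lookup. It assumes the valid range 0..191 (facility 0..23 times 8, plus severity 0..7) defined by the syslog RFCs 3164 and 5424; the function names `parse_pri` and `facility_of` and the name table are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>

#define SYSLOG_NFACILITIES 24   /* facilities 0..23 (RFC 3164 / RFC 5424) */
#define SYSLOG_MAX_PRI     191  /* 23 * 8 + 7 */

/* Constructed lookup table of the kind a PRI-derived facility indexes into. */
static const char *const facility_names[SYSLOG_NFACILITIES] = {
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3",
    "local4", "local5", "local6", "local7"
};

/* Parse the leading "<PRI>" of a syslog message of length len.
 * Returns the PRI (0..191), or -1 if the header is malformed or out of range. */
int parse_pri(const char *msg, size_t len)
{
    size_t i = 1;
    int pri = 0;

    if (msg == NULL || len < 3 || msg[0] != '<')
        return -1;
    /* Accept at most three digits, so the value cannot overflow an int. */
    while (i < len && i <= 3 && isdigit((unsigned char)msg[i])) {
        pri = pri * 10 + (msg[i] - '0');
        i++;
    }
    if (i == 1 || i >= len || msg[i] != '>')
        return -1;              /* no digits, or no closing '>' */
    if (pri > SYSLOG_MAX_PRI)
        return -1;              /* would index past the facility table */
    return pri;
}

/* Facility name for a message, or NULL when the PRI must not be used as an index. */
const char *facility_of(const char *msg, size_t len)
{
    int pri = parse_pri(msg, len);

    if (pri < 0)
        return NULL;
    return facility_names[pri >> 3];   /* pri <= 191 implies index <= 23 */
}
```
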

This bug was opened to address the potential impact on this product.

Conditions:
Running a version of the software prior to the Known Fixed Releases.