Guest

Preview Tool

Cisco Bug: CSCuw31632 - Cisco CUCM IM and Presence Service REST API DoS Vulnerability

Last Modified

Jun 29, 2018

Products (2)

  • Cisco Unified Communications Manager IM & Presence Service
  • Cisco Unified Communications Manager IM and Presence Service Version 11.5

Known Affected Releases

11.5(1)

Description (partial)

Symptom:
A vulnerability in the Representational State Transfer (REST) interface of the Cisco Unified 
Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker 
to cause a partial denial of service (DoS) condition because the Cisco Session Initiation 
Protocol (SIP) Proxy service can unexpectedly restart.

The vulnerability is due to lack of proper input validation of the HTTP request when that request 
is sent to the REST interface. An attacker could exploit this vulnerability by sending a crafted 
HTTP request to the REST interface of the affected application. An exploit could allow the attacker 
to cause a partial DoS condition due to the Cisco SIP Proxy service unexpectedly restarting.

Conditions:
The application is running with default configuration with an affected version of software.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.