Cisco Bug: CSCuw31632 - Cisco CUCM IM and Presence Service REST API DoS Vulnerability
Dec 10, 2018
- Cisco Unified Communications Manager IM & Presence Service
- Cisco Unified Communications Manager IM and Presence Service Version 11.5
Known Affected Releases
Symptom: A vulnerability in the Representational State Transfer (REST) interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition because the Cisco Session Initiation Protocol (SIP) Proxy service can unexpectedly restart. The vulnerability is due to lack of proper input validation of the HTTP request when that request is sent to the REST interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the REST interface of the affected application. An exploit could allow the attacker to cause a partial DoS condition due to the Cisco SIP Proxy service unexpectedly restarting. Conditions: The application is running with default configuration with an affected version of software.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases