CVE-2013-1134

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager (CUCM) versions 9.0 through 9.1(1)

Description The issue concerns the Location Bandwidth Manager (LBM) Intracluster-communication feature, which does not require authentication from the remote LBM Hub node. This allows remote attackers to conduct cache-poisoning attacks against transaction records, resulting in a denial of service due to bandwidth-pool consumption and call outage.

Recommendations For Cisco Unified Communications Manager (CUCM) versions 9.0 through 9.1(1), update to version 9.1(1) or later to resolve the issue.