Cisco · Cisco Unified Communications Manager · CVE-2023-20116
**Name of the Vulnerable Software and Affected Versions**
Cisco Unified Communications Manager (affected versions not specified)
Cisco Unified Communications Manager Session Management Edition (affected versions not specified)
**Description**
A vulnerability in the Administrative XML Web Service (AXL) API could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This issue is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this by sending crafted HTTP input to an affected device, potentially causing a DoS condition.
**Recommendations**
For Cisco Unified Communications Manager, update to a version that addresses the insufficient validation of user-supplied input.
For Cisco Unified Communications Manager Session Management Edition, update to a version that addresses the insufficient validation of user-supplied input.
As a temporary workaround, consider restricting access to the Administrative XML Web Service (AXL) API to minimize the risk of exploitation.