PT-2012-2520 · Cisco · Cisco Ip Communicator+1

Published

2012-05-02

Updated

2012-10-30

CVE-2012-0361

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Cisco IP Communicator versions 7.0 through 8.6

Description The issue concerns the sccp-protocol component, which does not limit the rate of SCCP messages to Cisco Unified Communications Manager. This allows remote attackers to cause a denial of service via vectors that trigger on hook and off hook messages.

Recommendations For Cisco IP Communicator versions 7.0 through 8.6, consider implementing rate limiting for SCCP messages to Cisco Unified Communications Manager as a temporary workaround to minimize the risk of denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2012-0361

Affected Products

Cisco Ip Communicator

Cisco Unified Communications Manager

PT-2012-2520 · Cisco · Cisco Ip Communicator+1

CVE-2012-0361

Weakness Enumeration

Related Identifiers

Affected Products

References · 3