CVE-2017-3808

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager versions prior to 10.5.2.14900-16 Cisco Unified Communications Manager versions prior to 11.0.1.23900-5 Cisco Unified Communications Manager versions prior to 11.5.1.12900-2 Microsoft Windows (affected versions not specified)

Description A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The issue is due to insufficient rate limiting protection. An attacker could exploit this by sending a high rate of SIP messages to the affected device, potentially causing it to reload unexpectedly. The device and services will restart automatically.

Recommendations For Cisco Unified Communications Manager versions prior to 10.5.2.14900-16, update to version 10.5.2.14900-16 or later. For Cisco Unified Communications Manager versions prior to 11.0.1.23900-5, update to version 11.0.1.23900-5 or later. For Cisco Unified Communications Manager versions prior to 11.5.1.12900-2, update to version 11.5.1.12900-2 or later. For Microsoft Windows, at the moment, there is no information about a newer version that contains a fix for this vulnerability.