Vulnerabilities > CVE-2011-2560 - Resource Management Errors vulnerability in Cisco Unified Communications Manager

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

cisco

CWE-399

NVD

Published: 2011-08-29

Updated: 2012-06-15

Summary

The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by making many connections, aka Bug ID CSCtf97162.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Unified Communications Manager 4.1\(3\) Cisco Unified Communications Manager 4.1\(3\)Sr1 Cisco Unified Communications Manager 4.1\(3\)Sr2 Cisco Unified Communications Manager 4.1\(3\)Sr3 Cisco Unified Communications Manager 4.1\(3\)Sr4 Cisco Unified Communications Manager 4.2 Cisco Unified Communications Manager 4.2.1 Cisco Unified Communications Manager 4.2.2 Cisco Unified Communications Manager 4.2.3 Cisco Unified Communications Manager 4.2.3Sr1 Cisco Unified Communications Manager 4.2.3Sr2 Cisco Unified Communications Manager 4.2.3Sr2B Cisco Unified Communications Manager 4.3 Cisco Unified Communications Manager 4.3\(1\)	14

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

References

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml