Cisco Unified Communications Manager Express Vulnerability
http://www.cert-in.org.in/vulnerability/civn-2009-117.htm
Original Issue Date: October 07, 2009
Severity Rating: High
Systems Affected
Cisco IOS devices that are configured for Cisco Unified Communications
Manager Express and the Extension Mobility feature are vulnerable.
Overview
Cisco IOS Software contains a vulnerability that could allow an
unauthenticated, remote attacker to cause a denial of service condition or
execute arbitrary code.
Description
Cisco Unified CME is the call processing component of an enhanced IP
telephony solution that is integrated into Cisco IOS.
The vulnerability is in the login service of the Extension Mobility feature
of the Cisco Unified CME component. If the auto registration feature is
enabled (it is enabled by default), an attacker can register their IP
address and subsequently send crafted HTTP requests to the login service of
the Extension Mobility feature. These requests could trigger a buffer
overflow, leading to either a denial of service (DoS) condition or the
execution of arbitrary code with elevated privileges.
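The two preconditions described above can be checked in a saved running configuration. The following is an added example, not part of the CERT-In or Cisco advisory. It assumes the Cisco Unified CME commands `auto-reg-ephone` and `logout-profile` (neither is named on this page), treats any ephone bound to a logout profile as Extension Mobility enabled, and uses constructed sample configurations.

```python
import re

# Constructed sample running-config fragments (not from any real device).
SAMPLE_EXPOSED = """\
telephony-service
 max-ephones 10
 ip source-address 192.0.2.1 port 2000
!
voice logout-profile 1
 number 2001 type normal
!
ephone 1
 mac-address 0000.1111.2222
 logout-profile 1
!
"""
SAMPLE_RESTRICTED = SAMPLE_EXPOSED.replace(
    " max-ephones 10\n", " max-ephones 10\n no auto-reg-ephone\n")


def sections(config):
    """Map each top-level line to the indented sub-commands beneath it."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line[0] != " ":
            current = line.strip()
            out.setdefault(current, [])
        elif current is not None:
            out[current].append(line.strip())
    return out


def audit(config):
    """Report the preconditions the advisory names for this issue."""
    sec = sections(config)
    cme = "telephony-service" in sec
    # Auto registration is on by default, so only an explicit "no" disables it.
    auto_reg = cme and "no auto-reg-ephone" not in sec["telephony-service"]
    # Assumption: an ephone bound to a logout profile is EM-enabled.
    em_phones = sorted(name for name, cmds in sec.items()
                       if re.match(r"ephone\s+\d+$", name)
                       and any(c.startswith("logout-profile ") for c in cmds))
    return {"cme": cme, "auto_registration": auto_reg,
            "extension_mobility_phones": em_phones,
            "needs_fix_review": bool(cme and em_phones)}
```

A device flagged with `needs_fix_review` should be checked against the fixed releases in the vendor advisory; `auto_registration` only indicates whether unregistered addresses can currently register.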
Solution
The vendor has issued a fix. Details are available in the Cisco Security
Advisory.
Vendor Information
CISCO
http://www.cisco.com/warp/public/707/cisco-sa-20090923-cme.shtml
References
CISCO
http://www.cisco.com/warp/public/707/cisco-sa-20090923-cme.shtml
VUPEN
http://www.vupen.com/english/advisories/2009/2758
SecurityFocus
http://www.securityfocus.com/bid/36498/
SecurityTracker
http://securitytracker.com/alerts/2009/Sep/1022932.html
CVE Name
CVE-2009-2865
Disclaimer
The information provided herein is on an "as is" basis, without warranty of
any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
Note: Please do not reply to this e-mail. For further queries contact
CERT-In Information Desk. Email: info@cert-in.org.in