CVE-2013-1134Improper Authentication in Cisco Unified Communications Manager

CWE-287Improper AuthenticationCWE-20Improper Input ValidationCWE-2644 documents4 sources
Severity
7.1HIGHNVD
EPSS
0.5%
top 33.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unified Communications Manager
Timeline
PublishedFeb 27
Latest updateMay 17

Description

The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct cache-poisoning attacks against transaction records, and cause a denial of service (bandwidth-pool consumption and call outage), via unspecified vectors, aka Bug ID CSCub28920.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-92m6-46vg-vqrh: The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 92022-05-17
CVEList
CVE-2013-1134: The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 92013-02-27

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities2013-02-27
CVE-2013-1134 — Improper Authentication in Cisco | cvebase