CVE-2013-3453 — Missing Release of Memory after Effective Lifetime in Cisco Unified Communications Manager

CWE-3994 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 37.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager

Timeline

PublishedAug 22

Latest updateMay 17

Description

Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/unified_communications_manager8.6\(4\)+113

🔴Vulnerability Details

GHSA

GHSA-256f-5rh3-pf6j: Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8↗2022-05-17

▶

CVEList

CVE-2013-3453: Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8↗2013-08-22

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability↗2013-08-21

▶