Cisco Unified Communications Manager vulnerabilities

207 known vulnerabilities affecting cisco/unified_communications_manager.

Total CVEs: 207
CISA KEV: 2 (actively exploited)
Public exploits: 6
Exploited in wild: 1
Severity breakdown: CRITICAL 12, HIGH 76, MEDIUM 117, LOW 1

Vulnerabilities

Page 10 of 11
CVE-2009-2053 | HIGH | CVSS 7.8 | ≥ 5.0, < 5.1(3g); ≥ 6.1(1), < 6.1(4); +2 more | 2009-08-27
CVE-2009-2053 [HIGH]: Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP outage) via a flood of TCP packets, aka Bug ID CSCsx32236.
nvd
CVE-2009-0632 | CRITICAL | CVSS 9.0 | v4.1, v4.2, +28 more | 2009-03-12
CVE-2009-0632 [CRITICAL] CWE-255: The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote a
nvd
CVE-2009-0057 | MEDIUM | CVSS 4.3 | v5.0, v5.0_1, +24 more | 2009-01-22
CVE-2009-0057 [MEDIUM] CWE-20: The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the "client terminates prematurely."
nvd
CVE-2008-3800 | HIGH | CVSS 7.1 | v4.1, v5.0, +2 more | 2008-09-26
CVE-2008-3800 [HIGH]: Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability tha
nvd
CVE-2008-3801 | HIGH | CVSS 7.1 | v4.1, v5.0, +2 more | 2008-09-26
CVE-2008-3801 [HIGH]: Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability tha
nvd
CVE-2008-2061 | HIGH | CVSS 7.8 | ≥ 5.0, < 5.1(3c); ≥ 6.0, < 6.1(2) | 2008-06-26
CVE-2008-2061 [HIGH] CWE-20: The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748.
nvd
CVE-2008-2730 | MEDIUM | CVSS 5.0 | v5.1, v6.1 | 2008-06-26
CVE-2008-2730 [MEDIUM] CWE-287: The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843.
nvd
CVE-2008-2062 | MEDIUM | CVSS 5.0 | ≥ 4.2, < 4.2(3)sr4; ≥ 4.3, < 4.3(2)sr1; +2 more | 2008-06-26
CVE-2008-2062 [MEDIUM] CWE-264: The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151.
nvd
CVE-2008-1746 | HIGH | CVSS 7.8 | v4.1, v4.2, +4 more | 2008-05-16
CVE-2008-1746 [HIGH] CWE-20: The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and service restart) via a series of malformed UDP packets, as demonstrated by the IP Stack Integrity Checker (IS
nvd
CVE-2008-1743 | HIGH | CVSS 7.8 | ≥ 5.0, < 5.1(3); ≥ 6.0, < 6.1(1) | 2008-05-16
CVE-2008-1743 [HIGH] CWE-399: Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, aka Bug ID CSCsi98433.
nvd
CVE-2008-1742 | HIGH | CVSS 7.8 | v4.1, v4.2, +4 more | 2008-05-16
CVE-2008-1742 [HIGH] CWE-399: Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609.
nvd
CVE-2008-1745 | HIGH | CVSS 7.8 | v4.1, v4.2, +4 more | 2008-05-16
CVE-2008-1745 [HIGH] CWE-20: Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115.
nvd
CVE-2008-1747 | HIGH | CVSS 7.8 | ≥ 4.1, < 4.1(3)sr6; ≥ 4.2, < 4.2(3)sr3; +3 more | 2008-05-16
CVE-2008-1747 [HIGH] CWE-20: Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via an unspecified SIP INVITE message, aka Bug ID CSCsk46944.
nvd
CVE-2008-1748 | HIGH | CVSS 7.8 | ≥ 4.1, < 4.1(3)sr7; ≥ 4.2, < 4.2(3)sr4; +3 more | 2008-05-16
CVE-2008-1748 [HIGH] CWE-20: Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355.
nvd
CVE-2008-1744 | HIGH | CVSS 7.8 | v4.2_3_sr2, v4.2_3_sr2b, +13 more | 2008-05-16
CVE-2008-1744 [HIGH] CWE-20: The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770.
nvd
CVE-2008-1154 | CRITICAL | CVSS 10.0 | v5.0, v5.1, +2 more | 2008-04-04
CVE-2008-1154 [CRITICAL] CWE-287: The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute ar
nvd
CVE-2008-0026 | MEDIUM | CVSS 6.5 | PoC | v5.0, v5.0_1, +9 more | 2008-02-14
CVE-2008-0026 [MEDIUM] CWE-89: SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.
nvd
CVE-2008-0027 | CRITICAL | CVSS 10.0 | v4.2, v4.2.3sr2, +2 more | 2008-01-17
CVE-2008-0027 [CRITICAL] CWE-119: Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.
nvd
CVE-2007-5538 | CRITICAL | CVSS 10.0 | ≤ 5.1(2) | 2007-10-18
CVE-2007-5538 [CRITICAL] CWE-119: Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712.
nvd
CVE-2007-5537 | HIGH | CVSS 7.8 | ≤ 5.1(2) | 2007-10-18
CVE-2007-5537 [HIGH] CWE-399: Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822.
nvd