CVE-2013-3461

Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869.

Published: Aug 25, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-3461
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
cisco / unified_communications_manager	9.0(1)	9.0(1).x
cisco / unified_communications_manager	8.5(1)	8.5(1).x
cisco / unified_communications_manager	8.5(1)su4	8.5(1)su4.x
cisco / unified_communications_manager	8.5(1)su5	8.5(1)su5.x
cisco / unified_communications_manager	8.5(1)su2	8.5(1)su2.x
cisco / unified_communications_manager	8.5(1)su3	8.5(1)su3.x
cisco / unified_communications_manager	8.5	8.5.x
cisco / unified_communications_manager	8.5(1)su1	8.5(1)su1.x
cisco / unified_communications_manager	8.6(1)	8.6(1).x
cisco / unified_communications_manager	8.6(2a)su1	8.6(2a)su1.x
cisco / unified_communications_manager	8.6(2)	8.6(2).x
cisco / unified_communications_manager	8.6(2a)	8.6(2a).x
cisco / unified_communications_manager	8.6	8.6.x
cisco / unified_communications_manager	8.6(2a)su2	8.6(2a)su2.x
cisco / unified_communications_manager	8.6(1a)	8.6(1a).x

Vulnerability Database

289,784

CVE-2013-3461