Vulnslist

find the latest Cisco vulnerabilities

Cisco Unity Connection Memory Leak Denial of Service Vulnerability

Cisco-SA-20130218-CVE-2013-1129 · Medium · Published · Updated

Cisco Unity Connection contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the improper handling of user-supplied requests by the affected software. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted requests to an affected system. The processing of such requests could cause a DoS condition, denying access to legitimate users. Cisco has confirmed the vulnerability; however, software updates are not available. To exploit this vulnerability, an attacker would need access to trusted, internal networks to submit malicious requests to the targeted system. This access requirement decreases the likelihood of a successful exploit.

Cisco advisory ·CSAF JSON

Workarounds

Administrators are advised to contact the vendor regarding future updates and releases.

Administrators are advised to run both firewall and antivirus applications to minimize the potential of inbound and outbound threats.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to monitor affected systems.

CVEsCVE-2013-1129
Cisco Bug IDsCSCud59736
CVSS ScoreBase 5.0
Base 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:U/RC:C
Product Names From Source
Cisco Unity Connection

CSAF Product Statuses

Product Status Source CVE Rows
Cisco Unity Connection known_affected cisco_csaf CVE-2013-1129 1

Related Products

Product CVE Evidence
Cisco Unity CVE-2013-1129 Cisco OpenVuln
Cisco Unity Connection CVE-2013-1129 Cisco OpenVuln