Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Jabber Extensible Communications Platform Connection Manager Vulnerability

Cisco-SA-20130412-CVE-2013-1187 · Medium · Published · Updated

A vulnerability in the Connection Manager component of Cisco Jabber Extensible Communications Platform (Jabber XCP) could allow an unauthenticated, remote attacker to crash the login connection manager service. The vulnerability is due to insufficient checking of received login data. An attacker could exploit this vulnerability by sending a corrupted stream of login packets. Cisco has confirmed the vulnerability in a security notice and software updates are available. To exploit the vulnerability, an attacker may need access to trusted, internal networks to send a series of corrupted login packets to the targeted system. This access requirement may reduce the likelihood of a successful attack. Customers are advised to review the bug report in the vendor announcements section for a current list of affected versions. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco advisory · CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to monitor affected systems.

CVEsCVE-2013-1187
Cisco Bug IDsCSCts76762
CVSS ScoreBase 5.0
Base 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C
Product Names From Source
Cisco Jabber Extensible Communications Platform (Jabber XCP)

Related Products

Product CVE Evidence
Cisco Jabber Extensible Communications Platform (Jabber XCP) CVE-2013-1187 Cisco OpenVuln
Cisco Jabber CVE-2013-1187 Cisco OpenVuln