Vulnslist

Cisco Unified Presence Memory Exhaustion Vulnerability

Cisco-SA-20130510-CVE-2013-1242 · Medium · Published 13 years ago · Updated 13 years ago

A vulnerability in the web framework of Cisco Unified Presence could allow an unauthenticated, remote attacker to cause an increase in memory utilization. The vulnerability is due to improper handling of memory allocation when the affected system is flooded with malformed TCP packets. An attacker could exploit this vulnerability by sending malformed TCP packets to the affected system. An exploit could allow the attacker to cause an increase in memory utilization. Memory utilization does not return to a normal state when the attack is terminated. A reboot is of the system is required to restore free memory. Cisco has confirmed the vulnerability in a security notice; however, software updates are not available. To exploit the vulnerability, an attacker would likely need access to an internal, trusted network to send malformed TCP packets to the targeted system, decreasing the likelihood of a successful exploit. Customers are advised to review the bug report in the "Vendor Announcements" section for a current list of affected versions. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco advisory ·CSAF JSON

Workarounds

CSAF Product Statuses

Related Products