CVE-2013-3461

Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:C
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
ciscounified_communications_manager
9.0\(1\)
ciscounified_communications_manager
8.5
ciscounified_communications_manager
8.5\(1\)
ciscounified_communications_manager
8.5\(1\)su1
ciscounified_communications_manager
8.5\(1\)su2
ciscounified_communications_manager
8.5\(1\)su3
ciscounified_communications_manager
8.5\(1\)su4
ciscounified_communications_manager
8.5\(1\)su5
ciscounified_communications_manager
8.6
ciscounified_communications_manager
8.6\(1\)
ciscounified_communications_manager
8.6\(1a\)
ciscounified_communications_manager
8.6\(2\)
ciscounified_communications_manager
8.6\(2a\)
ciscounified_communications_manager
8.6\(2a\)su1
ciscounified_communications_manager
8.6\(2a\)su2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm
http://www.securitytracker.com/id/1028938
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm
http://www.securitytracker.com/id/1028938