Vulnerability-Lookup

CVE-2013-3461 (GCVE-0-2013-3461)

Vulnerability from cvelistv5 – Published: 2013-08-25 01:00 – Updated: 2024-08-06 16:07

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

VAR-201308-0226

Vulnerability from variot - Updated: 2025-04-11 22:53

Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869. Cisco Unified Communications Manager is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial of service condition. This issue is being tracked by Cisco Bug ID CSCub35869. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. The following versions are affected: Cisco Unified CM 8.5(x) and 8.6(2a) su3 prior to 8.6(x), 9.x prior to 9.1(1)

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201308-0226",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "8.5"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.6\\(2a\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.5\\(1\\)su2"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.6\\(2a\\)su2"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.5\\(1\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.6\\(2a\\)su1"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.5\\(1\\)su3"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.5\\(1\\)su4"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.5\\(1\\)su1"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.0\\(1\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "8.6"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.6\\(2\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.6\\(1a\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.5\\(1\\)su5"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.6\\(1\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "9.1(1)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.6(2a)su3"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.6(5)be3k"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.5(x)"
      },
      {
        "model": "unified communications manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "9.x"
      },
      {
        "model": "unified communications manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.6(x)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.6.3"
      },
      {
        "model": "unified communications manager 8.6 su1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified communications manager 8.5 su2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified communications manager 8.5 su1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(1)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.0(1)"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "61908"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003870"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-355"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3461"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:unified_communications_manager",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003870"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "61908"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-355"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-3461",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2013-3461",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-63463",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-3461",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-3461",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201308-355",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-63463",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63463"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003870"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-355"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3461"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869. Cisco Unified Communications Manager is prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to cause a denial of service condition. \nThis issue is being tracked by Cisco Bug ID CSCub35869. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. The following versions are affected: Cisco Unified CM 8.5(x) and 8.6(2a) su3 prior to 8.6(x), 9.x prior to 9.1(1)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-3461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003870"
      },
      {
        "db": "BID",
        "id": "61908"
      },
      {
        "db": "VULHUB",
        "id": "VHN-63463"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-3461",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1028938",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "61908",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003870",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-355",
        "trust": 0.7
      },
      {
        "db": "CISCO",
        "id": "20130821 MULTIPLE VULNERABILITIES IN CISCO UNIFIED COMMUNICATIONS MANAGER",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-63463",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63463"
      },
      {
        "db": "BID",
        "id": "61908"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003870"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-355"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3461"
      }
    ]
  },
  "id": "VAR-201308-0226",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63463"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-11T22:53:17.528000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20130821-cucm",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm"
      },
      {
        "title": "30433",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30433"
      },
      {
        "title": "cisco-sa-20130821-cucm",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/JP/111/1119/1119757_cisco-sa-20130821-cucm-j.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003870"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63463"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003870"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3461"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130821-cucm"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1028938"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3461"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3461"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/61908"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63463"
      },
      {
        "db": "BID",
        "id": "61908"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003870"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-355"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3461"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-63463"
      },
      {
        "db": "BID",
        "id": "61908"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003870"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-355"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3461"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-08-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-63463"
      },
      {
        "date": "2013-08-21T00:00:00",
        "db": "BID",
        "id": "61908"
      },
      {
        "date": "2013-08-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003870"
      },
      {
        "date": "2013-08-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-355"
      },
      {
        "date": "2013-08-25T03:27:32.673000",
        "db": "NVD",
        "id": "CVE-2013-3461"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-63463"
      },
      {
        "date": "2013-08-21T00:00:00",
        "db": "BID",
        "id": "61908"
      },
      {
        "date": "2013-08-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003870"
      },
      {
        "date": "2013-08-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-355"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2013-3461"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-355"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified Communications Manager Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003870"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-355"
      }
    ],
    "trust": 0.6
  }
}

GHSA-R7HF-97HQ-QR83

Vulnerability from github – Published: 2022-05-17 03:47 – Updated: 2022-05-17 03:47

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-3461"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-08-25T03:27:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869.",
  "id": "GHSA-r7hf-97hq-qr83",
  "modified": "2022-05-17T03:47:35Z",
  "published": "2022-05-17T03:47:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3461"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1028938"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2013-3461

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-3461

Aliases

CVE-2013-3461

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-3461",
    "description": "Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869.",
    "id": "GSD-2013-3461"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-3461"
      ],
      "details": "Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869.",
      "id": "GSD-2013-3461",
      "modified": "2023-12-13T01:22:22.758635Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2013-3461",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20130821 Multiple Vulnerabilities in Cisco Unified Communications Manager",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm"
          },
          {
            "name": "1028938",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1028938"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:9.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3461"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130821 Multiple Vulnerabilities in Cisco Unified Communications Manager",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm"
            },
            {
              "name": "1028938",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1028938"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-11-07T14:47Z",
      "publishedDate": "2013-08-25T03:27Z"
    }
  }
}

CERTA-2013-AVI-489

Vulnerability from certfr_avis - Published: 2013-08-22 - Updated: 2013-08-22

De multiples vulnérabilités ont été corrigées dans Cisco Unified Communications Manager. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	Unified Communications Manager	Cisco Unified Communications Manager version 8.5
Cisco	Unified Communications Manager	Cisco Unified Communications Manager version 9.1
Cisco	Unified Communications Manager	Cisco Unified Communications Manager version 9.0
Cisco	Unified Communications Manager	Cisco Unified Communications Manager version 8.6
Cisco	Unified Communications Manager	Cisco Unified Communications Manager version 7.1

References

Title

Publication Time

FKIE_CVE-2013-3461

Vulnerability from fkie_nvd - Published: 2013-08-25 03:27 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm	Vendor Advisory
psirt@cisco.com	http://www.securitytracker.com/id/1028938	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1028938	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
cisco	unified_communications_manager	9.0\(1\)
cisco	unified_communications_manager	8.5
cisco	unified_communications_manager	8.5\(1\)
cisco	unified_communications_manager	8.5\(1\)su1
cisco	unified_communications_manager	8.5\(1\)su2
cisco	unified_communications_manager	8.5\(1\)su3
cisco	unified_communications_manager	8.5\(1\)su4
cisco	unified_communications_manager	8.5\(1\)su5
cisco	unified_communications_manager	8.6
cisco	unified_communications_manager	8.6\(1\)
cisco	unified_communications_manager	8.6\(1a\)
cisco	unified_communications_manager	8.6\(2\)
cisco	unified_communications_manager	8.6\(2a\)
cisco	unified_communications_manager	8.6\(2a\)su1
cisco	unified_communications_manager	8.6\(2a\)su2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:9.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B7285C0D-5337-49D0-A6EE-2385A7B4F510",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F252947A-82FE-4133-AA4F-E17758D7ECF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61E277B-475A-40EC-8A67-CE2A17C94185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D289E6D8-EA6A-4487-9513-6CCEE3740EA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FAA377E-3C37-4E9D-97E7-FDC162CF8FC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCEDD1A3-9658-48AF-A59E-A9BE7FA17E13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su5:*:*:*:*:*:*:*",
              "matchCriteriaId": "06098E0B-20F8-4FCC-A384-01EA108F4549",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCF00D65-DE88-4287-82CB-552AB68AFE25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "47E28290-C7A9-4DF4-9918-6FDF5DC2B3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A8B5A9DD-C259-463C-A6A5-51D3E8DD4F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6B04ECEA-E097-4069-B6AC-74D477F03BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F5CCD3E6-6031-437E-862B-470E39FAF67D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C31335-8001-4C83-A04B-6562CB39E3EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "70757AD4-8F55-4C8B-886B-1D2E41670407",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869."
    },
    {
      "lang": "es",
      "value": "Cisco Unified Communications Manager (Unified CM) v8.5(x) y v8.6(x) anterior a v8.6(2a)su3 y v9.x anterior a v9.1(1) no restringe adecuadamente el \u00edndice de paquetes SIP, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria y CPU, y la interrupci\u00f3n del servicio) a trav\u00e9s de un flujo de paquetes UDP al puerto 5060, tambi\u00e9n conocido como Bug ID CSCub35869."
    }
  ],
  "id": "CVE-2013-3461",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-08-25T03:27:32.673",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1028938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1028938"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-3461 (GCVE-0-2013-3461)

VAR-201308-0226

GHSA-R7HF-97HQ-QR83

GSD-2013-3461

CERTA-2013-AVI-489

Solution

FKIE_CVE-2013-3461

Tags

Sightings

Nomenclature