Vulnerability-Lookup

CERTA-2009-AVI-403

Vulnerability from certfr_avis - Published: 2009-09-24 - Updated: 2009-09-24

Des vulnérabilités permettant de réaliser un déni de service ont été découvertes dans Cisco Unified Communication Manager.

Description

Deux vulnérabilités ont été découvertes dans Cisco Unified Communication Manager. L'exploitation de ces vulnérabilités permet de réaliser un déni de service à distance.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Unified Communication Manager versions antérieures à la version 7.1(2).
Cisco	N/A	Cisco Unified Communication Manager versions antérieures à la version 5.1(3g) ;
Cisco	N/A	Cisco Unified Communication Manager versions antérieures à la version 7.0(2a)su1 ;
Cisco	N/A	Cisco Unified Communication Manager versions antérieures à la version 6.1(4) ;

References

Title

Publication Time

Tags

Bulletins de mise à jour Cisco du 23 septembre 2009	None	vendor-advisory
Bulletin de sécurité Cisco 20090923-cme du 23 septembre 2009 :	-	other
Bulletin de sécurité Cisco 20090923-cm du 23 septembre 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Unified Communication Manager versions ant\u00e9rieures \u00e0 la version 7.1(2).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communication Manager versions ant\u00e9rieures \u00e0 la version 5.1(3g) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communication Manager versions ant\u00e9rieures \u00e0 la version 7.0(2a)su1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communication Manager versions ant\u00e9rieures \u00e0 la version 6.1(4) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Cisco Unified Communication\nManager. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de r\u00e9aliser un d\u00e9ni\nde service \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2009-09-24T00:00:00",
  "last_revision_date": "2009-09-24T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20090923-cme du 23 septembre    2009 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20090923-cme.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20090923-cm du 23 septembre 2009    :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20090923-cm.shtml"
    }
  ],
  "reference": "CERTA-2009-AVI-403",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-09-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Des vuln\u00e9rabilit\u00e9s permettant de r\u00e9aliser un d\u00e9ni de service ont \u00e9t\u00e9\nd\u00e9couvertes dans \u003cspan class=\"textit\"\u003eCisco Unified Communication\nManager\u003c/span\u003e.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s de Cisco Unified Communication Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de mise \u00e0 jour Cisco du 23 septembre 2009",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted