====================================================================

                              CERT-Renater

                 Note d'Information No. 2017/VULN119
_____________________________________________________________________

DATE                : 20/04/2017

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Unified Communications
                                         Manager.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm
____________________________________________________________________

Cisco Security Advisory: Cisco Unified Communications Manager Denial of
Service Vulnerability

Advisory ID: cisco-sa-20170419-ucm

Revision: 1.0

For Public Release: 2017 April 19 16:00 GMT

Last Updated: 2017 April 19 16:00 GMT

CVE ID(s): CVE-2017-3808

CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the Session Initiation Protocol (SIP) UDP throttling
process of Cisco Unified Communications Manager (Cisco Unified CM)
could allow an unauthenticated, remote attacker to cause a denial of
service (DoS) condition on an affected device.

The vulnerability is due to insufficient rate limiting protection. An
attacker could exploit this vulnerability by sending the affected
device a high rate of SIP messages. An exploit could allow the attacker
to cause the device to reload unexpectedly. The device and services
will restart automatically.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm"]

==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================