CERTA-2008-AVI-339
Vulnerability from certfr_avis - Published: - Updated:
Deux vulnérabilités dans Cisco Unified Communications Manager permettent de réaliser un déni de service à distance et de contourner la politique de sécurité.
Description
Deux vulnérabilités ont été découvertes dans Cisco Unified Communications Manager (CUCM) :
- le service Computer Telephony Integration Manager des versions 5.x et 6.x de CUCM ne traite pas correctement certaines données, ce qui peut conduire à un déni de service à distance (CVE-2008-2061) ;
- l'authentification intégrée au service Real-Time Information Server Data Collector des versions 4.x, 5.x et 6.x de CUCM peut être contournée, ce qui permet d'avoir accès à certaines informations confidentielles (CVE-2008-2062 et CVE-2008-2730).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager versions 6.x antérieures à 6.1(2). | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager versions 5.x antérieures à 5.1(3c) ; | ||
| Cisco | Unified Communications Manager | Cisco Unified CallManager versions 4.1 ; | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager versions 4.2 antérieures à 4.2(3)SR4 ; | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager versions 4.3 antérieures à 4.3(2)SR1 ; |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Unified Communications Manager versions 6.x ant\u00e9rieures \u00e0 6.1(2).",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager versions 5.x ant\u00e9rieures \u00e0 5.1(3c) ;",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified CallManager versions 4.1 ;",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager versions 4.2 ant\u00e9rieures \u00e0 4.2(3)SR4 ;",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager versions 4.3 ant\u00e9rieures \u00e0 4.3(2)SR1 ;",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Cisco Unified\nCommunications Manager (CUCM) :\n\n- le service Computer Telephony Integration Manager des versions 5.x\n et 6.x de CUCM ne traite pas correctement certaines donn\u00e9es, ce qui\n peut conduire \u00e0 un d\u00e9ni de service \u00e0 distance (CVE-2008-2061) ;\n- l\u0027authentification int\u00e9gr\u00e9e au service Real-Time Information Server\n Data Collector des versions 4.x, 5.x et 6.x de CUCM peut \u00eatre\n contourn\u00e9e, ce qui permet d\u0027avoir acc\u00e8s \u00e0 certaines informations\n confidentielles (CVE-2008-2062 et CVE-2008-2730).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-2061",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2061"
},
{
"name": "CVE-2008-2730",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2730"
},
{
"name": "CVE-2008-2062",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2062"
}
],
"links": [],
"reference": "CERTA-2008-AVI-339",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-06-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eCisco Unified\nCommunications Manager\u003c/span\u003e permettent de r\u00e9aliser un d\u00e9ni de service\n\u00e0 distance et de contourner la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans Cisco Unified Communications Manager",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco 20080625-cucm du 25 juin 2008",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080625-cucm.shtml"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…