Vigil@nce - Cisco Unified Communications Manager: vulnerabilities of SCCP
March 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send malicious Skinny Client Control Protocol
messages to Cisco Unified Communications Manager, in order to stop
it or to inject SQL code.
Severity: 2/4
Creation date: 29/02/2012
IMPACTED PRODUCTS
– Cisco Unified Communications Manager
DESCRIPTION OF THE VULNERABILITY
The Cisco Unified Communications Manager product is affected by
two vulnerabilities related to SCCP (Skinny Client Control
Protocol).
– An attacker can send a malicious SCCP message, in order to stop
the service. [severity:2/4; BID-52211, CSCtu73538, CVE-2011-4486]
– An attacker can send an SCCP message containing a SQL query
fragment, in order to alter the content of the database.
[severity:2/4; BID-52213, CSCtu73538, CVE-2011-4487]
An attacker can therefore send malicious SCCP messages to Cisco
Unified Communications Manager, in order to stop it or to inject
SQL code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-Unified-Communications-Manager-vulnerabilities-of-SCCP-11400