Vigil@nce - Cisco IP Communicator: denial of service against the Web interface
September 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can request a special URL to the Web interface of
Cisco IP Communicator, in order to trigger a denial of service.
Impacted products: Cisco IP Communicator.
Severity: 2/4.
Creation date: 08/07/2015.
DESCRIPTION OF THE VULNERABILITY
The Cisco IP Communicator product offers a web service.
However, there is a class of URL which make the server crash when
it attempts to serve them. One GET request is sufficient to kill
the Web service. Technical details are unknown.
An attacker can therefore request a special URL to the Web
interface of Cisco IP Communicator, in order to trigger a denial
of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN