Vigil@nce - Cisco Unified Communications Manager: memory leak via Domain Manager
July 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create a memory leak in Domain Manager of Cisco
Unified Communications Manager, in order to trigger a denial of
service.
Impacted products: Cisco CUCM
Severity: 2/4
Creation date: 12/07/2013
DESCRIPTION OF THE VULNERABILITY
Cisco Unified Communications Manager includes a Web management
interface, Domain Manager.
An attacker can create a memory leak in the processing of some
HTTP requests, until that the server processes are killed by
memory exhaustion, in order to trigger a denial of service.
Technical details are unknown.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN