Denial of Service Vulnerability in Cisco IP Communicator by Cisco
CVE-2012-0361

Currently unrated

Key Information:

Vendor: Cisco
Status: Ip Communicator
Vendor: CVE Published:; 2 May 2012

Summary

The sccp-protocol component in Cisco IP Communicator versions 7.0 to 8.6 lacks proper rate limiting for SCCP messages sent to Cisco Unified Communications Manager. This vulnerability enables remote attackers to exploit the system by overwhelming it with on-hook and off-hook messages, potentially leading to a denial of service. For instance, attacking vectors have been demonstrated using a Plantronics headset, resulting in disruptions to communication services.

References

http://www.cisco.com/en/US/docs/voice_ip_comm/cipc/8_5/en...

x_refsource_CONFIRM

http://www.securitytracker.com/id?1027013

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
May 2, 2012
Vulnerability Reserved
Jan 4, 2012