Cisco.CallManager.CTLProvider.Heap.Overflow
Description
This indicates an attempt to exploit a buffer overflow vulnerability in Cisco Unified Communications Manager and CallManager.
The vulnerability is a heap-based buffer overflow in the Certificate Trust List (CTL) Provider service. A remote attacker can cause a denial of service or execute arbitrary code by sending an excessively long request.
Affected Products
Unified CallManager 4.0 and 4.1 prior to 4.1(3)SR5c
Unified Communications Manager 4.2 prior to 4.2(3)SR3
Unified Communications Manager 4.3 prior to 4.3(1)SR1
Impact
System compromise: remote code execution.
Denial of service.
Recommended Actions
Please refer to the following URL to address this issue:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml
Coverage
IPS (Regular DB)
IPS (Extended DB)