VOIP: Cisco Unified Communications Manager CTL Provider Heap Overflow

This signature detects attempts to exploit a known vulnerability in Cisco Unified Communications Manager. A successful attack can lead to arbitrary code execution.

Extended Description

Cisco Unified Communications Manager (formerly known as CallManager) Certificate Trust List (CTL) Provider is prone to a heap-based buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code or to cause denial-of-service conditions. This issue affects the following versions:

Unified CallManager 4.0 and 4.1 prior to 4.1(3)SR5c

Unified Communications Manager 4.2 prior to 4.2(3)SR3

Unified Communications Manager 4.3 prior to 4.3(1)SR1

Affected Products

Cisco unified_callmanager

References

BugTraq: 27313

CVE: CVE-2008-0027

Short Name
VOIP:CISCO-UCM-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
VOIP
Keywords
CTL CVE-2008-0027 Cisco Communications Heap Manager Overflow Provider Unified bid:27313
Release Date
09/28/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
Port
TCP/2444
False Positive
Unknown
Vendors

Cisco

CVSS Score

10.0
