Security Advisory
  • Cisco Unified Presence Can Be Affected By TCP Flooding Attacks Reported Date: 18-10-09
Rated Level: Critical
Impact: Dos,Remotely Exploitable
Affected Software: 1.x, 6.x prior to 6.0(6), 7.x prior to 7.0(4)
Description: Two vulnerabilities were reported in Cisco Unified Presence. A remote user can cause denial of service conditions.

A remote user can flood TCP ports 16200 or 22794 with completed connections to cause the target TimesTenD process to crash and restart . Cisco has assigned Cisco Bug ID CSCsy17662 to this vulnerability.

A remote user can establish many TCP connections to the target system to cause the internal connection tracking table to prevent new connections . Cisco has assigned Cisco Bug ID CSCsw52371 to this vulnerability.


Note: Cisco Systems Product Security Incident Response Team [email protected]>
Solution: The vendor has issued a fix for 6.0(6), 7.0(4).
http://www.cisco.com/warp/public/707/cisco-sa-20091014-cup.shtml
Feedback: If you have additional information or corrections for this security advisory please contact us at advisory(at)triviasecurity.org

Security Advisories by Month (2014)
TS Promotion