Vulnerable Products

Cisco Unified Presence before version 6.0(1)

Official information

http://www.cisco.com/warp/public/707/cisco-sa-20080514-cup.shtml

Impact

Successful exploitation of any of the vulnerabilities may result in the interruption of presence services. There is no workaround for these vulnerabilities.

Risk level

High

Vector

External

Details

Cisco Unified Presence collects information about a user’s availability status and communications capabilities. Using information captured by Cisco Unified Presence, applications such as Cisco Unified Personal Communicator and Cisco Unified Communications Manager can improve productivity by helping users connect with colleagues more efficiently by determining the most effective means for collaborative communication.

The Presence Engine service of Cisco Unified Presence version 1.0 contains two vulnerabilities that are triggered when a vulnerable Cisco Unified Presence system receives a series of malformed IP packets. Either may result in a denial-of-service (DoS) condition.

The first vulnerability is documented in CVE-2008-1740 and Cisco Bug ID CSCsh20972.

Fixed Software

There are no workarounds for these vulnerabilities. These vulnerabilities are fixed in Cisco Unified Presence version 6.0(1). Cisco Unified Presence version 6.0(1) is the upgrade path for Cisco Unified Presence version 1.0.

Remediation

Redshift's solution provides comprehensive protection against stress tests and anomaly tests against IP traffic. For 0-day protection of your critical UC infrastructure, please go to www.redshiftnetworks.com