Cisco Tivoli Business Service Manager Denial of Service Vulnerability

Cisco Tivoli Business Service Manager (TBSM), which is part of Cisco Hosted Collaboration Mediation (HCM), contains a vulnerability that could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS).

An attacker could exploit this vulnerability by sending a flood of TCP packets directed to ports 17310-17542 on Cisco TBSM. A successful attack could cause certain services to hang while the attack lasts.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit the vulnerability, an attacker would need access to trusted, internal networks to send a series of TCP packets to the targeted system. This access requirement may reduce the likelihood of a successful attack.

Customers are advised to review the bug report in the vendor announcements section for a current list of affected versions.