CiscoCISCO-SA-20130510-CVE-2013-1242Cisco Unified Presence Memory Exhaustion Vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
61.2%
A vulnerability in the web framework of Cisco Unified Presence could allow an unauthenticated, remote attacker to cause an increase in memory utilization.
The vulnerability is due to improper handling of memory allocation when the affected system is flooded with malformed TCP packets. An attacker could exploit this vulnerability by sending malformed TCP packets to the affected system. An exploit could allow the attacker to cause an increase in memory utilization. Memory utilization does not return to a normal state when the attack is terminated. A reboot is of the system is required to restore free memory.
Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.
To exploit the vulnerability, an attacker would likely need access to an internal, trusted network to send malformed TCP packets to the targeted system, decreasing the likelihood of a successful exploit.
Customers are advised to review the bug report in the “Vendor Announcements” section for a current list of affected versions.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | unified_presence_server | any | cpe:2.3:a:cisco:unified_presence_server:any:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
61.2%