Cisco Unified Communications Manager Authentication Denial of Service Vulnerability

A vulnerability in device authentication of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to impact application response.

The vulnerability is due to incomplete throttling of authentication requests. An attacker could exploit this vulnerability by sending multiple authentication requests in a short period of time. An exploit could allow the attacker to degrade the performance of the CUCM application.

Cisco has confirmed the vulnerability in a security notice and has released software updates.

To exploit this vulnerability, an attacker may require access to a trusted, internal network to send authentication requests to the targeted system. This access requirement could limit the likelihood of a successful exploit.

Customers are advised to review the bug report in the “Vendor Announcements” section for a current list of affected versions.