An important vulnerability, ID “cisco-sa-20170419-ucm”, “CVE-2017-3808” has been announced this week for Cisco Unified Communications Manager. This vulnerability in the SIP UDP throttling process of CUCM could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Such an attack could have a severe impact on an organization’s ability to make or receive calls since CUCM is at the core of any Cisco Unified Communications infrastructure.
Cisco has released software updates that address this vulnerability. No workarounds exist that address this vulnerability.
Stack8’s recommendation is to proceed with this CUCM software update as soon as possible.
Any CUCM 10.x or 11.x releases prior to the versions below are affected:
CUCM 9.x and earlier releases are not affected by this vulnerability.
More details can be found here:
Should you or your organization require assistance with the deployment of this important CUCM software update, Stack8’s team of Cisco UC experts are available to help!