Release date:
Updated on:
Affected Systems:
Cisco Unity Connection 8.x
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2013-0664
Cisco Unity Connection transparently integrates the messaging and speech recognition components with your data network to provide uninterrupted access to calls and messages.
Cisco Unity Connection 9.1.2 ES25, 9.1 (01) ES25, 8.6 (02) ES101, 8.5 (01) ES132 an error occurred when handling the imap uid search Command, this can be exploited by malicious users to consume CPU resources, resulting in DOS.
<* Source: vendor
Link: http://secunia.com/advisories/56370/
Http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0664
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (CVE-2014-0664) and patches for this:
CVE-2014-0664: Cisco Unity Connection Internet Message Access Protocol Denial of Service Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0664