Cisco Products CTL Provider Remote Buffer Overflow Vulnerability

Last Update Date: 28 Jan 2011
Release Date: 18 Jan 2008

RISK: Medium Risk

A vulnerability has been identified in Cisco Unified CallManager and Unified Communications Manager that remote attackers could exploit to cause a denial of service or take complete control of an affected system. The issue is a heap overflow in the CTL (Certificate Trust List) Provider service "CTLProvider.exe" (port 2444/TCP), triggered when the service processes user-supplied data. A remote unauthenticated attacker could exploit it to crash a vulnerable application or execute arbitrary code.


  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Cisco Unified CallManager 4.0
  • Cisco Unified CallManager 4.1 versions prior to 4.1(3)SR5c
  • Cisco Unified Communications Manager 4.2 versions prior to 4.2(3)SR3
  • Cisco Unified Communications Manager 4.3 versions prior to 4.3(1)SR1
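
To check an inventory against the list above, the following added example (not part of the original advisory and not Cisco code) classifies version strings by train. It assumes the string format `major.minor(maintenance)SRn` and that releases order by maintenance number, then SR number, then SR letter; the host names and inventory are constructed.

```python
import re

# Fixed releases per train, taken from the affected-versions list above.
# None means the list names no fixed release for that train (4.0).
FIXED = {"4.0": None, "4.1": "4.1(3)SR5c", "4.2": "4.2(3)SR3", "4.3": "4.3(1)SR1"}

# Assumed format: major.minor(maintenance[letter])[SR<number>[letter]]
_VERSION = re.compile(
    r"^(\d+)\.(\d+)(?:\((\d+)([a-z]?)\)(?:SR(\d+)([a-z]?))?)?$", re.I)


def parse(version):
    """Return (train, sort_key), or None if the string has another shape."""
    m = _VERSION.match(version.strip())
    if not m:
        return None
    major, minor, maint, mlet, sr, slet = m.groups()
    # Assumed ordering: maintenance, maintenance letter, SR number, SR letter.
    key = (int(maint or 0), (mlet or "").lower(),
           int(sr or 0), (slet or "").lower())
    return f"{major}.{minor}", key


def status(version):
    """Classify one version string against the advisory's list."""
    parsed = parse(version)
    if parsed is None:
        return "unknown"        # unrecognised suffix: check by hand
    train, key = parsed
    if train not in FIXED:
        return "not listed"     # train is not named in this advisory
    fixed = FIXED[train]
    if fixed is None:
        return "affected"       # 4.0 is listed without a fixed release
    return "affected" if key < parse(fixed)[1] else "not affected"


if __name__ == "__main__":
    # Constructed inventory, not real hosts.
    inventory = {"ccm-a": "4.1(3)SR5b", "ccm-b": "4.1(3)SR5c",
                 "ccm-c": "4.2(3)", "ccm-d": "4.0(2a)SR2", "ccm-e": "4.3(1)SR1"}
    for host, version in sorted(inventory.items()):
        print(f"{host:6} {version:12} {status(version)}")
```

Strings the pattern does not recognise are reported as "unknown" rather than guessed at, so they can be checked manually.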


Before installing the software, please visit the software manufacturer's website for more details.

Apply updates

Vulnerability Identifier

  • No CVE information is available


Related Link