Cisco Products CTL Provider Remote Buffer Overflow Vulnerability
A vulnerability has been identified in Cisco Unified CallManager and Unified Communications Manager that remote attackers could exploit to cause a denial of service or take complete control of an affected system. The issue is a heap overflow in the CTL (Certificate Trust List) Provider service, "CTLProvider.exe" (port 2444/TCP), triggered when it processes user-supplied data. A remote unauthenticated attacker could use it to crash a vulnerable application or execute arbitrary code.
- Denial of Service
- Remote Code Execution
System / Technologies affected
- Cisco Unified CallManager 4.0
- Cisco Unified CallManager 4.1 versions prior to 4.1(3)SR5c
- Cisco Unified Communications Manager 4.2 versions prior to 4.2(3)SR3
- Cisco Unified Communications Manager 4.3 versions prior to 4.3(1)SR1
Before installing the software, please visit the software manufacturer's website for more details.
- Update to a fixed version of CUCM 4.1 or later.
- Update to CUCM 4.1(3)SR5c, CUCM 4.1(3)SR6, or later.
- Update to CUCM 4.2(3)SR3 or later.
- Update to CUCM 4.3(1)SR1, CUCM 4.3(1)SR1a, or later.
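To triage an inventory against the affected and fixed releases listed above, the following added example (not Cisco's or the advisory's own code) parses version strings of the form `4.1(3)SR5c` and compares them with the first fixed release in each train. It assumes releases within a train order by maintenance number, then service-release number, then trailing letter; the host names in the sample inventory are constructed.

```python
import re

# First fixed release per train, copied from the advisory. The 4.0 train has
# no fix of its own: the advisory says to move to a fixed 4.1 or later.
FIRST_FIXED = {
    (4, 0): None,
    (4, 1): "4.1(3)SR5c",
    (4, 2): "4.2(3)SR3",
    (4, 3): "4.3(1)SR1",
}

_VERSION = re.compile(
    r"^(\d+)\.(\d+)(?:\((\d+)([a-z]?)\))?(?:SR(\d+)([a-z]?))?$", re.I)

def parse(version):
    """Split '4.1(3)SR5c' into ((4, 1), (3, '', 5, 'c')); missing parts sort lowest."""
    m = _VERSION.match(version.replace(" ", ""))
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, maint, mlet, sr, slet = m.groups()
    release = (int(maint or 0), (mlet or "").lower(),
               int(sr or 0), (slet or "").lower())
    return (int(major), int(minor)), release

def is_affected(version):
    """True = listed as vulnerable, False = at or past the fix,
    None = train not covered by this advisory (no conclusion either way)."""
    train, release = parse(version)
    if train not in FIRST_FIXED:
        return None
    fixed = FIRST_FIXED[train]
    if fixed is None:
        return True  # every 4.0 release is listed as affected
    # Assumed ordering: (maintenance, letter, SR number, SR letter).
    return release < parse(fixed)[1]

if __name__ == "__main__":
    # Constructed sample inventory: hypothetical host name -> reported version.
    inventory = {
        "ccm-pub-01": "4.1(3)SR5b",
        "ccm-sub-02": "4.2(3)SR3",
        "ccm-lab-03": "4.0(2a)SR2c",
    }
    for host, version in inventory.items():
        state = {True: "AFFECTED", False: "fixed", None: "not covered"}
        print(f"{host:12} {version:14} {state[is_affected(version)]}")
```

A `None` result means the release train is outside the versions this advisory lists, so it should be checked against the vendor's own advisory rather than treated as safe.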
- No CVE information is available