Cisco Unified Communications Manager versions prior to 5.1(3c) and versions prior to 6.1(2) contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
The vulnerability exists due to an error in the Computer Telephony Integration (CTI) Manager service when it processes certain malicious input. An unauthenticated, remote attacker could exploit this vulnerability by submitting malicious input to the CTI Manager service, causing the service to fail and resulting in a DoS condition. The failure of this service could render some voice communications services unavailable to authorized users.
Functional exploit code exists; however, the code is not publicly available.
Cisco confirmed this vulnerability in a security advisory and released updated software.