CVE-2013-1134 Information

Description

The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node which allows remote attackers to conduct cache-poisoning attacks against transaction records and cause a denial of service (bandwidth-pool consumption and call outage) via unspecified vectors aka Bug ID CSCub28920.

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cucm