Sig Name: CUCM CTI DoS

Unanswered Question
Jul 2nd, 2010

I am seeing Sig ID: 6799 Subsig 0 a lot on our 4215.

Sig Name: CUCM CTI DoS
Sig ID: 6799
Severity: Medium
Risk Rating: 66
Sig Version: S448

I am looking for more information regarding this alert, is this flase positive?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Scott Fringer Fri, 07/02/2010 - 11:26

The best place to begin research on Cisco IPS signature issues is the Cisco IntelliShield site:

http://www.cisco.com/security

For this specific signature, the details are outlined here:

http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=6799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S448

Details of the exploit detected are outlined here:

http://tools.cisco.com/security/center/viewAlert.x?alertId=16136

Without being able to see the traffic which triggered the signature it will not be possible to determine whether this is a false positivie or not.  Specific network conditions will assist more accurately determining the validity of the event.

Scott

Actions

This Discussion