Executive Summary

Summary
Title Cisco Unified Communications Manager Denial of Service Vulnerabilities
Informations
Name cisco-sa-20100303-cucm First vendor Publication 2010-01-20
Vendor Cisco Last vendor Modification 2010-03-03
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cisco Unified Communications Manager (formerly Cisco CallManager) contains multiple denial of service (DoS) vulnerabilities that if exploited could cause an interruption of voice services. The Session Initiation Protocol (SIP), Skinny Client Control Protocol (SCCP) and Computer Telephony Integration (CTI) Manager services are affected by these vulnerabilities.

To address these vulnerabilities, Cisco has released free software updates for select Cisco Unified Communications Manager versions. There is a workaround for of one the vulnerabilities.

Original Source

Url : http://www.cisco.com/warp/public/707/cisco-sa-20100303-cucm.shtml

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 52

Open Source Vulnerability Database (OSVDB)

Id Description
62761 Cisco Unified Communications Manager CTI Manager Message Handling Remote DoS
62760 Cisco Unified Communications Manager Malformed SIP Message Handling Remote Do...
62759 Cisco Unified Communications Manager Malformed SIP Message Handling Remote Do...
62758 Cisco Unified Communications Manager Malformed SCCP Message Handling Remote D...
62757 Cisco Unified Communications Manager Malformed SCCP Message Handling Remote D...