Executive Summary
| Summary | |
|---|---|
| Title | Cisco Unified Communications Manager Express Denial of Service Vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20100324-cucme | First vendor Publication | 2009-12-14 |
| Vendor | Cisco | Last vendor Modification | 2010-03-24 |
| Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.8 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Devices running Cisco IOS Software and configured for Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) operation are affected by two denial of service vulnerabilities that may result in a device reload if successfully exploited. The vulnerabilities are triggered when the Cisco IOS device processes specific, malformed Skinny Call Control Protocol (SCCP) messages. Cisco has released free software updates that address these vulnerabilities. |
Original Source
| Url : http://www.cisco.com/warp/public/707/cisco-sa-20100324-cucme.shtml |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:6625 | |||
| Oval ID: | oval:org.mitre.oval:def:6625 | ||
| Title: | Cisco IOS Software Tunnels Vulnerability | ||
| Description: | Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz49741, the "SCCP Request Handling Denial of Service Vulnerability." | ||
| Family: | ios | Class: | vulnerability |
| Reference(s): | CVE-2010-0586 | Version: | 3 |
| Platform(s): | Cisco IOS | Product(s): | |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 63177 | Cisco IOS Unified Communications Manager Express SCCP Message Handling Unspec... Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) is enabled, contains a flaw that may allow a remote denial of service (e.g., device reload). The issue is triggered when the Cisco IOS device processes specific, malformed Skinny Call Control Protocol (SCCP) messages, and will result in loss of availability for the device. |
| 63176 | Cisco IOS Unified Communications Manager Express SCCP Message Handling Unspec... |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20100324-cucmehttp.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 10:21:58 |
|
