Executive Summary
Summary | |
---|---|
Title | Cisco Unified Communications Manager Express Denial of Service Vulnerabilities |
Informations | |||
---|---|---|---|
Name | cisco-sa-20100324-cucme | First vendor Publication | 2009-12-14 |
Vendor | Cisco | Last vendor Modification | 2010-03-24 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Devices running Cisco IOS Software and configured for Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) operation are affected by two denial of service vulnerabilities that may result in a device reload if successfully exploited. The vulnerabilities are triggered when the Cisco IOS device processes specific, malformed Skinny Call Control Protocol (SCCP) messages. Cisco has released free software updates that address these vulnerabilities. |
Original Source
Url : http://www.cisco.com/warp/public/707/cisco-sa-20100324-cucme.shtml |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6625 | |||
Oval ID: | oval:org.mitre.oval:def:6625 | ||
Title: | Cisco IOS Software Tunnels Vulnerability | ||
Description: | Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz49741, the "SCCP Request Handling Denial of Service Vulnerability." | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2010-0586 | Version: | 3 |
Platform(s): | Cisco IOS | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
63177 | Cisco IOS Unified Communications Manager Express SCCP Message Handling Unspec... Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) is enabled, contains a flaw that may allow a remote denial of service (e.g., device reload). The issue is triggered when the Cisco IOS device processes specific, malformed Skinny Call Control Protocol (SCCP) messages, and will result in loss of availability for the device. |
63176 | Cisco IOS Unified Communications Manager Express SCCP Message Handling Unspec... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20100324-cucmehttp.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 10:21:58 |
|