Executive Summary
Summary | |
---|---|
Title | Multiple Vulnerabilities in Cisco Unified Communications Manager |
Information | |||
---|---|---|---|
Name | cisco-sa-20110427-cucm | First vendor Publication | 2011-01-05 |
Vendor | Cisco | Last vendor Modification | 2011-04-27 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 8.5 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 6.8 | Authentication | Requires single instance |
Detail
Cisco Unified Communications Manager (previously known as Cisco CallManager) contains the following vulnerabilities:

* Three (3) denial of service (DoS) vulnerabilities that affect Session Initiation Protocol (SIP) services

Cisco has released free software updates for affected Cisco Unified Communications Manager versions to address the vulnerabilities. A workaround exists only for the SIP DoS vulnerabilities.
Original Source
Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7 (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25) |
25 % | CWE-399 | Resource Management Errors |
25 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
72615 | Cisco Unified Communications Manager xmldirectorylist.jsp Multiple Parameter ... |
72614 | Cisco Unified Communications Manager Unspecified SQL Injection |
72613 | Cisco Unified Communications Manager Upload Request Traversal Arbitrary File ... |
72612 | Cisco Unified Communications Manager Malformed SIP Message Unspecified Remote... |
72611 | Cisco Unified Communications Manager Malformed SIP Message Unspecified Remote... |
72610 | Cisco Unified Communications Manager Malformed SIP Message Memory Exhaustion ... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Cisco Unified Communications Manager sql injection attempt RuleID : 21377 - Revision : 8 - Type : SERVER-WEBAPP |