Executive Summary
Summary | |
---|---|
Title | Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities |
Information | |||
---|---|---|---|
Name | cisco-sa-20080625-cucm | First vendor Publication | 2008-06-02 |
Vendor | Cisco | Last vendor Modification | 2008-06-25 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Cisco Unified Communications Manager (CUCM), formerly Cisco CallManager, contains a denial of service (DoS) vulnerability in the Computer Telephony Integration (CTI) Manager service that may cause an interruption in voice services, and an authentication bypass vulnerability in the Real-Time Information Server (RIS) Data Collector that may expose information that is useful for reconnaissance. Cisco has released free software updates that address these vulnerabilities. There are no workarounds for these vulnerabilities. |
Original Source
Url : http://www.cisco.com/en/US/products/products_security_advisory09186a00809b (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-287 | Improper Authentication |
33 % | CWE-264 | Permissions, Privileges, and Access Controls |
33 % | CWE-20 | Improper Input Validation |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
46815 | Cisco Unified Communications Manager (CUCM) RIS Data Collector Authentication... |
46814 | Cisco Unified Communications Manager (CUCM) Computer Telephony Integration (C... Unified Communications Manager contains a flaw that may allow a remote denial of service. The issue is triggered when specially crafted TCP packets are sent to TCP port 2748, resulting in loss of availability for the system. |