Executive Summary
Summary | |
---|---|
Title | Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities |
Informations | |||
---|---|---|---|
Name | cisco-sa-20080924-cucm | First vendor Publication | 2008-09-08 |
Vendor | Cisco | Last vendor Modification | 2008-09-24 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.1 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cisco Unified Communications Manager, formerly Cisco Unified CallManager, contains two denial of service (DoS) vulnerabilities in the Session Initiation Protocol (SIP) service. An exploit of these vulnerabilities may cause an interruption in voice services. Cisco will release free software updates that address these vulnerabilities and this advisory will be updated as fixed software becomes available. There are no workarounds for these vulnerabilities. Note: Cisco IOS software is also affected by the vulnerabilities described in this advisory. A companion advisory for Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml |
Original Source
Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0 (...) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6047 | |||
Oval ID: | oval:org.mitre.oval:def:6047 | ||
Title: | Cisco IOS Session Initiation Protocol Denial of Service Vulnerability | ||
Description: | Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2008-3801 | Version: | 3 |
Platform(s): | Cisco IOS | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6086 | |||
Oval ID: | oval:org.mitre.oval:def:6086 | ||
Title: | Cisco IOS Session Initiation Protocol Denial of Service Vulnerability | ||
Description: | Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2008-3800 | Version: | 3 |
Platform(s): | Cisco IOS | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 | |
Application | 4 | |
Os | 3 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
48715 | Cisco IOS / CUCM SIP Packet Handling Unspecified Remote DoS (3801) |
48714 | Cisco IOS / CUCM SIP Packet Handling Unspecified Remote DoS (3800) |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080924-siphttp.nasl - Type : ACT_GATHER_INFO |