Executive Summary

Summary
Title: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities
Information
Name: cisco-sa-20080924-cucm
First vendor Publication: 2008-09-08
Vendor: Cisco
Last vendor Modification: 2008-09-24
Severity (Vendor): N/A
Revision: 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact Sub Score: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score: 7.1
Attack Range: Network
Cvss Impact Score: 6.9
Attack Complexity: Medium
Cvss Exploit Score: 8.6
Authentication: None Required

Detail

Cisco Unified Communications Manager, formerly Cisco Unified CallManager, contains two denial of service (DoS) vulnerabilities in the Session Initiation Protocol (SIP) service. An exploit of these vulnerabilities may cause an interruption in voice services.

Cisco will release free software updates that address these vulnerabilities and this advisory will be updated as fixed software becomes available. There are no workarounds for these vulnerabilities.

Note: Cisco IOS software is also affected by the vulnerabilities described in this advisory. A companion advisory for Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml

Original Source

Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0 (...)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6047
 
Oval ID: oval:org.mitre.oval:def:6047
Title: Cisco IOS Session Initiation Protocol Denial of Service Vulnerability
Description: Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802.
Family: ios Class: vulnerability
Reference(s): CVE-2008-3801
Version: 3
Platform(s): Cisco IOS
Product(s):
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:6086
 
Oval ID: oval:org.mitre.oval:def:6086
Title: Cisco IOS Session Initiation Protocol Denial of Service Vulnerability
Description: Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802.
Family: ios Class: vulnerability
Reference(s): CVE-2008-3800
Version: 3
Platform(s): Cisco IOS
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 3
Application 4
Os 3

Open Source Vulnerability Database (OSVDB)

Id Description
48715 Cisco IOS / CUCM SIP Packet Handling Unspecified Remote DoS (3801)

48714 Cisco IOS / CUCM SIP Packet Handling Unspecified Remote DoS (3800)

Nessus® Vulnerability Scanner

Date Description
2010-09-01 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20080924-siphttp.nasl - Type : ACT_GATHER_INFO