Executive Summary
| Summary | |
|---|---|
| Title | Cisco Unified Communications Manager Denial of Service Vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20090826-cucm | First vendor Publication | 2009-07-22 |
| Vendor | Cisco | Last vendor Modification | 2009-08-26 |
| Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.8 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Cisco Unified Communications Manager (formerly CallManager) contains multiple denial of service (DoS) vulnerabilities that if exploited could cause an interruption to voice services. The Session Initiation Protocol (SIP) and Skinny Client Control Protocol (SCCP) services are affected by these vulnerabilities. Cisco has released free software updates for select Cisco Unified Communications Manager versions that address these vulnerabilities. There are no workarounds for these vulnerabilities. |
Original Source
| Url : http://www.cisco.com/warp/public/707/cisco-sa-20090826-cucm.shtml |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-2 | Inducing Account Lockout |
| CAPEC-82 | Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi... |
| CAPEC-99 | XML Parser Attack |
| CAPEC-119 | Resource Depletion |
| CAPEC-121 | Locate and Exploit Test APIs |
| CAPEC-125 | Resource Depletion through Flooding |
| CAPEC-130 | Resource Depletion through Allocation |
| CAPEC-147 | XML Ping of Death |
| CAPEC-197 | XEE (XML Entity Expansion) |
| CAPEC-227 | Denial of Service through Resource Depletion |
| CAPEC-228 | Resource Depletion through DTD Injection in a SOAP Message |
| CAPEC-229 | XML Attribute Blowup |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-770 | Allocation of Resources Without Limits or Throttling |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 57456 | Cisco Unified Communications Manager SIP Packet Processing Unspecified Remote... |
| 57455 | Cisco Unified Communications Manager SCCP Packet Handling Unspecified Remote DoS |
| 57454 | Cisco Unified Communications Manager Embedded Firewall Network Connection Sat... |
| 57453 | Cisco Unified Communications Manager SIP Trunk Malformed Packet Handling Remo... |
| 57452 | Cisco Unified Communications Manager Unspecified SIP Packet Handling Remote DoS Cisco Unified Communication Manager contains a flaw that may allow a remote denial of service. The issue is triggered when malformed header in SIP occurs, and will result in loss of availability for the service. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-09-22 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20100922-siphttp.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2013-05-11 00:42:35 |
|
