Executive Summary
| Summary | |
|---|---|
| Title | Cisco Unified Presence Denial of Service Vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20091014-cup | First vendor Publication | 2009-07-24 |
| Vendor | Cisco | Last vendor Modification | 2009-10-14 |
| Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.8 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Cisco Unified Presence contains two denial of service (DoS) vulnerabilities that may cause an interruption to presence services. These vulnerabilities were discovered internally by Cisco, and there are no workarounds. Cisco has released free software updates that address these vulnerabilities. |
Original Source
| Url : http://www.cisco.com/warp/public/707/cisco-sa-20091014-cup.shtml |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-2 | Inducing Account Lockout |
| CAPEC-82 | Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi... |
| CAPEC-147 | XML Ping of Death |
| CAPEC-228 | Resource Depletion through DTD Injection in a SOAP Message |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 59057 | Cisco Unified Presence TimesTenD TCP Connection Saturation Remote DoS |
| 57454 | Cisco Unified Communications Manager Embedded Firewall Network Connection Sat... |
