Executive Summary
Summary | |
---|---|
Title | Multiple vulnerabilities in Cisco PGW Softswitch |
Informations | |||
---|---|---|---|
Name | cisco-sa-20100512-pgw | First vendor Publication | 2010-03-19 |
Vendor | Cisco | Last vendor Modification | 2010-05-12 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple vulnerabilities exist in the Cisco PGW 2200 Softswitch series of products. Each vulnerability described in this advisory is independent from other. The vulnerabilities are related to processing Session Initiation Protocol (SIP) or Media Gateway Control Protocol (MGCP) messages. Successful exploitation of all but one of these vulnerabilities can crash the affected device. Exploitation of the remaining vulnerability will not crash the affected device, but it can lead to a denial-of-service (DoS) condition in which no new TCP-based connections will be accepted or created. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities. |
Original Source
Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2 (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
88 % | CWE-20 | Improper Input Validation |
12 % | CWE-399 | Resource Management Errors |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
64688 | Cisco PGW 2200 Softswitch Malformed SIP Packet DoS (CVE-2010-0602) |
64687 | Cisco PGW 2200 Softswitch SIP Packet Session Attribute DoS |
64686 | Cisco PGW 2200 Softswitch Unspecified SIP Packet Handling DoS (CVE-2010-0604) |
64685 | Cisco PGW 2200 Softswitch SIP Packet Long Header DoS |
64684 | Cisco PGW 2200 Softswitch SIP Packet Contact Header DoS |
64683 | Cisco PGW 2200 Softswitch Unspecified SIP Packet Handling DoS (CVE-2010-1563) |
64682 | Cisco PGW 2200 Softswitch Unspecified SIP Packet Handling DoS (CVE-2010-1565) |
64681 | Cisco PGW 2200 Softswitch Unspecified SIP Packet Handling DoS (CVE-2010-1567) |
64680 | Cisco PGW 2200 MGCP Packet Handling DoS |