Executive Summary
Summary | |
---|---|
Title | Cisco Unified Communications Manager Session Initiation Protocol Memory Leak Vulnerabilities |
Informations | |||
---|---|---|---|
Name | cisco-sa-20110928-cucm | First vendor Publication | 2010-12-21 |
Vendor | Cisco | Last vendor Modification | 2011-09-28 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cisco Unified Communications Manager contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol (SIP) messages. Exploitation of this vulnerability could cause an interruption of voice services. Cisco has released free software updates for supported Cisco Unified Communications Manager versions to address the vulnerability. A workaround exists for this SIP vulnerability. |
Original Source
Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9 (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
76862 | Cisco Unified Communications Manager (CUCM) SIP Message Parsing Remote DoS |
75918 | Cisco IOS Session Control Buffers (SCB) SIP Packet Parsing Voice Service Remo... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-09-29 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20110928-siphttp.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2013-05-11 00:42:42 |
|