CVE-2009-2051

Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/36152	Third Party Advisory VDB Entry
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml	Patch Vendor Advisory
http://osvdb.org/57453	Broken Link
http://www.securitytracker.com/id?1022775	Third Party Advisory VDB Entry
http://secunia.com/advisories/36499	Third Party Advisory
http://secunia.com/advisories/36498	Third Party Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unified_communications_manager::::::::
	cpe:2.3:a:cisco:unified_communications_manager::::::::
	cpe:2.3:a:cisco:unified_communications_manager::::::::
	cpe:2.3:o:cisco:ios::::::::
	cpe:2.3:o:cisco:ios::::::::
	cpe:2.3:o:cisco:ios_xe::::::::

Information

Published : 2009-08-27 10:00

Updated : 2021-10-06 08:11

NVD link : CVE-2009-2051

Mitre link : CVE-2009-2051

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

cisco

ios
unified_communications_manager
ios_xe

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/36152", "name": "36152", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml", "name": "20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities", "tags": ["Patch", "Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://osvdb.org/57453", "name": "57453", "tags": ["Broken Link"], "refsource": "OSVDB"}, {"url": "http://www.securitytracker.com/id?1022775", "name": "1022775", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/36499", "name": "36499", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/36498", "name": "36498", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml", "name": "20100922 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities", "tags": ["Vendor Advisory"], "refsource": "CISCO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-2051", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-08-27T17:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.1\\(3g\\)", "versionStartIncluding": "5.0"}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.1\\(4\\)", "versionStartIncluding": "6.1\\(1\\)"}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.1\\(2\\)", "versionStartIncluding": "7.1"}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "12.4", "versionStartIncluding": "12.2"}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "15.1", "versionStartIncluding": "15.0"}, {"cpe23Uri": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.6.1", "versionStartIncluding": "2.5.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-10-06T15:11Z"}