CVE-2011-2563

Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth26669.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml	Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f533.shtml	Vendor Advisory
http://www.securitytracker.com/id?1025969

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unified_communications_manager:8.0\(3\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.0\(2c\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.0\(2c\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.0\(1\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.5:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\)su2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:cisco:intercompany_media_engine:8.0\(2\):::::::*
	cpe:2.3:a:cisco:intercompany_media_engine:8.0\(3\):::::::*

Information

Published : 2011-08-29 08:55

Updated : 2011-10-05 19:50

NVD link : CVE-2011-2563

Mitre link : CVE-2011-2563

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

cisco

intercompany_media_engine
unified_communications_manager

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml", "name": "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f533.shtml", "name": "20110824 Denial of Service Vulnerabilities in Cisco Intercompany Media Engine", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.securitytracker.com/id?1025969", "name": "1025969", "tags": [], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth26669."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-2563", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-08-29T15:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:intercompany_media_engine:8.0\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:intercompany_media_engine:8.0\\(3\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-10-06T02:50Z"}

7.8 /10