CVE-2009-2051

Sažetak

Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987.

Reference

http://www.securityfocus.com/bid/36152
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml
http://osvdb.org/57453
http://www.securitytracker.com/id?1022775
http://secunia.com/advisories/36499
http://secunia.com/advisories/36498
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml

CVSS

Base:	7.8
Impact:	6.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Zadnje važnije ažuriranje

06-10-2021 - 15:11

Objavljeno

27-08-2009 - 17:00