CVE-2009-2051

Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/57453	Broken Link
http://secunia.com/advisories/36498	Third Party Advisory
http://secunia.com/advisories/36499	Third Party Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml	Patch Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml	Vendor Advisory
http://www.securityfocus.com/bid/36152	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1022775	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unified_communications_manager::::::::
	cpe:2.3:a:cisco:unified_communications_manager::::::::
	cpe:2.3:a:cisco:unified_communications_manager::::::::
	cpe:2.3:o:cisco:ios::::::::
	cpe:2.3:o:cisco:ios::::::::
	cpe:2.3:o:cisco:ios_xe::::::::

History

No history.

Information

Published : 2009-08-27 17:00

Updated : 2024-02-28 11:21

NVD link : CVE-2009-2051

Mitre link : CVE-2009-2051

CVE.ORG link : CVE-2009-2051

JSON object : View

Products Affected

cisco

unified_communications_manager
ios_xe
ios

CWE

NVD-CWE-Other

{"id": "CVE-2009-2051", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-08-27T17:00:00.953", "references": [{"url": "http://osvdb.org/57453", "tags": ["Broken Link"], "source": "ykramarz@cisco.com"}, {"url": "http://secunia.com/advisories/36498", "tags": ["Third Party Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://secunia.com/advisories/36499", "tags": ["Third Party Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/36152", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id?1022775", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987."}, {"lang": "es", "value": "Cisco Unified Communications Manager (tambi\u00e9n conocido como CUCM, formalmente CallManager) v4.x, v5.x anteriores a v5.1(3g), v6.x anteriores v6.1(4), y v7.x anteriores v7.1(2) permite a los atacantes remotos causar una denegaci\u00f3n de servicio (parada del servicio de voz) a trav\u00e9s de mensajes malformados SIP INVITE que lanzan una llamada incorrecta a la funci\u00f3n sipSafeStrlen, tambi\u00e9n conocida como Bug ID CSCsz40392."}], "lastModified": "2021-10-06T15:11:45.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B48B0779-7796-45D2-8967-459F562A6243", "versionEndExcluding": "5.1\\(3g\\)", "versionStartIncluding": "5.0"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98AF7F97-8702-4E7B-BDE4-BD5A3114FDF4", "versionEndExcluding": "6.1\\(4\\)", "versionStartIncluding": "6.1\\(1\\)"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96DB29BF-9A40-4591-BE41-C519B86C2EEF", "versionEndExcluding": "7.1\\(2\\)", "versionStartIncluding": "7.1"}, {"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBB64D7E-7C96-4A3D-BA83-60EE8D5DFB21", "versionEndIncluding": "12.4", "versionStartIncluding": "12.2"}, {"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "537031DB-5ADF-475E-BFFA-9092652BF2B6", "versionEndIncluding": "15.1", "versionStartIncluding": "15.0"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DEE9D2D-BE50-4216-8F7E-CB6F46880E08", "versionEndIncluding": "2.6.1", "versionStartIncluding": "2.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}