Published: 22/01/2006 Updated: 20/07/2017
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

Cisco CallManager 3.2 and previous versions, 3.3 prior to 3.3(5)SR1, 4.0 prior to 4.0(2a)SR2c, and 4.1 prior to 4.1(3)SR2 allow remote malicious users to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) cause a denial of service (fill the Windows Service Manager communication queue) via a large number of TCP connections to port 2001, 2002, or 7727.

Affected Products

Vendor: Cisco
Product: Call Manager
Versions: *, 1.0, 2.0, 3.0, 3.1, 3.1(2), 3.1(3a), 3.2, 3.3, 3.3(3), 3.3(3)es61, 3.3(4)es25, 3.3(5), 3.3(5)es30, 4.0, 4.0(2a)es40, 4.0(2a)es62, 4.0(2a)sr2b, 4.1(2)es33, 4.1(2)es55, 4.1(3)es07, 4.1(3)es32, 4.1(3)sr1

Vendor Advisories

Cisco CallManager (CCM) is the software-based call-processing component of the Cisco IP telephony solution, which extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications. All Cisco CallManager versions are v ...