CVE-2009-2052

Published: 27/08/2009 | Updated: 20/10/2009
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x prior to 5.1(3g), 6.x prior to 6.1(4), 7.0 prior to 7.0(2), and 7.1 prior to 7.1(2); and Cisco Unified Presence 1.x, 6.x prior to 6.0(6), and 7.x prior to 7.0(4); allows remote attackers to cause a denial of service (TCP services outage) via a large number of TCP connections, related to "tracking of network connections," aka Bug IDs CSCsq22534 and CSCsw52371.

Affected Products

Vendor: Cisco
Product: Unified Communications Manager
Versions: *, (1), (2), (2b), 3.3(5), 3.3(5)sr1, 3.3(5)sr2a, 4.1, 4.1(3), 4.1(3)sr1, 4.1(3)sr2, 4.1(3)sr3, 4.1(3)sr4, 4.1.1, 4.1.2, 4.1.3, 4.2, 4.2(3)sr1, 4.2(3)sr2b, 4.2(3)sr3, 4.2(3)sr4, 4.2.1, 4.2.2, 4.2.3, 4.2.3 Sr3, 4.2.3sr1, 4.2.3sr2, 4.2.3sr2b, 4.2 1, 4.2 2, 4.2 3, 4.2 3 Sr2, 4.2 3 Sr2b, 4.2 3 Sr3, 4.2 3sr1, 4.3, 4.3(1), 4.3(1)sr.1, 4.3(2), 4.3(2)sr1, 4.3.1, 4.3.2, 4.3 1, 4.3 1 Sr1, 5.0, 5.0 1, 5.0 2, 5.0 3, 5.0 3a, 5.0 4, 5.0 4a, 5.0 4a Su1, 5.1, 5.1(1), 5.1(2), 5.1(2a), 5.1(2b), 5.1(3), 5.1(3a), 5.1(3c), 5.1(3d), 5.1.2, 5.1 (2a), 5.1 1, 5.1 2, 5.1 2a, 5.1 2b, 5.1 3a, 6.0, 6.0(1), 6.0(1a), 6.0 1, 6.0 1a, 6.1, 6.1(1), 6.1(1a), 6.1(2), 6.1(2)su1, 6.1(3), 6.1.0, 6.1 1a, 7.0, 7.0(1)

Vendor Advisories

Cisco Unified Presence contains two denial of service (DoS) vulnerabilities that may cause an interruption to presence services. These vulnerabilities were discovered internally by Cisco, and there are no workarounds. Cisco has released software updates that address these vulnerabilities. This advisory is posted at toolscisco ...

Cisco Unified Communications Manager (formerly CallManager) contains multiple denial of service (DoS) vulnerabilities that if exploited could cause an interruption to voice services. The Session Initiation Protocol (SIP) and Skinny Client Control Protocol (SCCP) services are affected by these vulnerabilities. Cisco has released free sof ...