Published: 23/09/2010 Updated: 24/09/2010

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

VMScore: 694

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Cisco IOS 12.2 up to and including 12.4 and 15.0 up to and including 15.1, Cisco IOS XE 2.5.x and 2.6.x prior to 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x prior to 6.1(5), 7.0 prior to 7.0(2a)su3, 7.1su prior to 7.1(3b)su2, 7.1 prior to 7.1(5), and 8.0 prior to 8.0(1) allow remote malicious users to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco ios 12.1xm
cisco ios 12.1xq
cisco ios 12.1xv
cisco ios 12.1yb
cisco ios 12.2b
cisco ios 12.2bx
cisco ios 12.2irb
cisco ios 12.2ird
cisco ios 12.2ixd
cisco ios 12.2ixf
cisco ios 12.2scb
cisco ios 12.2scd
cisco ios 12.2sxa
cisco ios 12.2sxd
cisco ios 12.2t
cisco ios 12.2xa
cisco ios 12.2xj
cisco ios 12.2xl
cisco ios 12.2xv
cisco ios 12.2ya
cisco ios 12.2yf
cisco ios 12.2yj
cisco ios 12.2yv
cisco ios 12.2yx
cisco ios 12.2zh
cisco ios 12.2zl
cisco ios 12.3
cisco ios 12.3t
cisco ios 12.3va
cisco ios 12.3xe
cisco ios 12.3xg
cisco ios 12.3xs
cisco ios 12.3xw
cisco ios 12.3yd
cisco ios 12.3yg
cisco ios 12.3yi
cisco ios 12.1
cisco ios 12.1t
cisco ios 12.1xi
cisco ios 12.1xj
cisco ios 12.1yd
cisco ios 12.1ye
cisco ios 12.1yf
cisco ios 12.1yh
cisco ios 12.2ire
cisco ios 12.2ixa
cisco ios 12.2ixb
cisco ios 12.2ixc
cisco ios 12.2sra
cisco ios 12.2srb
cisco ios 12.2sre
cisco ios 12.2su
cisco ios 12.2xc
cisco ios 12.2xd
cisco ios 12.2xg
cisco ios 12.2xh
cisco ios 12.2xi
cisco ios 12.2yb
cisco ios 12.2yc
cisco ios 12.2yd
cisco ios 12.2ye
cisco ios 12.2yz
cisco ios 12.2zc
cisco ios 12.2zd
cisco ios 12.2ze
cisco ios 12.3xa
cisco ios 12.3xb
cisco ios 12.3xc
cisco ios 12.3xd
cisco ios 12.3xx
cisco ios 12.3xy
cisco ios 12.3xz
cisco ios 12.3ya
cisco ios 12.3yz
cisco ios 12.3za
cisco ios 12.4
cisco ios 12.4gc
cisco ios 12.4xj
cisco ios 12.4xk
cisco ios 12.4xl
cisco ios 12.4xm
cisco ios 12.4ye
cisco ios 12.4yg
cisco ios 15.0m
cisco ios 15.0s
cisco ios 15.0xa
cisco ios 12.1xr
cisco ios 12.1xs
cisco ios 12.1xt
cisco ios 12.1xu
cisco ios 12.2cz
cisco ios 12.2dd
cisco ios 12.2dx
cisco ios 12.2ex
cisco ios 12.2ixh
cisco ios 12.2mra
cisco ios 12.2mrb
cisco ios 12.2sbc
cisco ios 12.2sca
cisco ios 12.2sxe
cisco ios 12.2sxf
cisco ios 12.2sy
cisco ios 12.2sz
cisco ios 12.2xn
cisco ios 12.2xq
cisco ios 12.2xs
cisco ios 12.2xt
cisco ios 12.2yl
cisco ios 12.2ym
cisco ios 12.2yn
cisco ios 12.2yt
cisco ios 12.2yu
cisco ios 12.2zp
cisco ios 12.2zu
cisco ios 12.2zy
cisco ios 12.2zya
cisco ios 12.3xj
cisco ios 12.3xk
cisco ios 12.3xl
cisco ios 12.3xq
cisco ios 12.3yj
cisco ios 12.3yk
cisco ios 12.3ym
cisco ios 12.3yq
cisco ios 12.4sw
cisco ios 12.4t
cisco ios 12.4xa
cisco ios 12.4xb
cisco ios 12.4xc
cisco ios 12.4xt
cisco ios 12.4xv
cisco ios 12.3ys
cisco ios 12.3yu
cisco ios 12.4mda
cisco ios 12.4mra
cisco ios 12.4xe
cisco ios 12.4xg
cisco ios 12.4xn
cisco ios 12.4xq
cisco ios 12.4ya
cisco ios 12.4yd
cisco ios 15.1xb
cisco ios xe 2.5.1
cisco ios 12.4xw
cisco ios 12.4xy
cisco ios xe 2.6.0
cisco ios xe 2.6.1
cisco ios 12.1xy
cisco ios 12.1xl
cisco ios 12.1xp
cisco ios 12.1ya
cisco ios 12.1yc
cisco ios 12.1yi
cisco ios 12.2bw
cisco ios 12.2by
cisco ios 12.2ira
cisco ios 12.2irc
cisco ios 12.2ixe
cisco ios 12.2ixg
cisco ios 12.2scc
cisco ios 12.2sg
cisco ios 12.2sv
cisco ios 12.2sxb
cisco ios 12.2tpc
cisco ios 12.2xb
cisco ios 12.2xk
cisco ios 12.2xm
cisco ios 12.2xu
cisco ios 12.2xw
cisco ios 12.2yh
cisco ios 12.2yk
cisco ios 12.2yw
cisco ios 12.2yy
cisco ios 12.2zf
cisco ios 12.2zj
cisco ios 12.3b
cisco ios 12.3tpc
cisco ios 12.3xf
cisco ios 12.3xi
cisco ios 12.3xr
cisco ios 12.3xu
cisco ios 12.3yf
cisco ios 12.3yh
cisco ios 12.3yt
cisco ios 12.3yx
cisco ios 12.4md
cisco ios 12.4mr
cisco ios 12.4xd
cisco ios 12.4xf
cisco ios 12.4xp
cisco ios 12.4xr
cisco ios 12.4xz
cisco ios 12.4yb
cisco ios 15.1t
cisco ios xe 2.5.0
cisco unified communications manager 6.1\\(2\\)
cisco unified communications manager 6.1\\(2\\)su1
cisco unified communications manager 6.1\\(2\\)su1a
cisco unified communications manager 6.1\\(3\\)
cisco unified communications manager 7.0\\(1\\)su1a
cisco unified communications manager 7.0\\(2\\)
cisco unified communications manager 7.0\\(2a\\)
cisco unified communications manager 7.0\\(2a\\)su1
cisco unified communications manager 6.0
cisco unified communications manager 6.1\\(1a\\)
cisco unified communications manager 6.1\\(3b\\)
cisco unified communications manager 6.1\\(4\\)
cisco unified communications manager 7.0
cisco unified communications manager 7.0\\(1\\)su1
cisco unified communications manager 7.0\\(2a\\)su2
cisco unified communications manager 7.1\\(2b\\)
cisco unified communications manager 7.1\\(3b\\)su1
cisco unified communications manager 7.1\\(2a\\)su1
cisco unified communications manager 6.1\\(4\\)su1
cisco unified communications manager 6.1\\(4a\\)
cisco unified communications manager 6.1\\(4a\\)su2
cisco unified communications manager 6.0\\(1b\\)
cisco unified communications manager 6.0\\(1.2114.1\\)
cisco unified communications manager 7.1\\(3\\)
cisco unified communications manager 7.1\\(3a\\)
cisco unified communications manager 7.1\\(3a\\)su1
cisco unified communications manager 7.1\\(3a\\)su1a
cisco unified communications manager 6.1\\(1\\)
cisco unified communications manager 6.1\\(1b\\)
cisco unified communications manager 6.1\\(3a\\)
cisco unified communications manager 6.1\\(3b\\)su1
cisco unified communications manager 6.0\\(1.2121.1\\)
cisco unified communications manager 7.0\\(1\\)
cisco unified communications manager 8.0
cisco unified communications manager 7.1\\(2b\\)su1
cisco unified communications manager 7.1\\(3b\\)
cisco unified communications manager 7.1\\(2a\\)

Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS® Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled Cisco has released software updates that address these vulnerabilities There are no workarounds for devices that ...

Cisco Unified Communications Manager contains two denial of service (DoS) vulnerabilities that affect the processing of Session Initiation Protocol (SIP) messages Exploitation of these vulnerabilities could cause an interruption of voice services To address these vulnerabilities, Cisco has released free software updates There is a wor ...

NVD-CWE-noinfo http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a313.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100922-sip

Get Started

CVE-2010-2835

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect