The Presence Engine (PE) service in Cisco Unified Presence 6.x prior to 6.0(7) and 7.x prior to 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote malicious users to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cisco unified presence server 6.0\\(2\\) |
||
cisco unified presence server 6.0\\(3\\) |
||
cisco unified presence server 7.0\\(4\\) |
||
cisco unified presence server 7.0\\(5\\) |
||
cisco unified presence server 7.0\\(2\\) |
||
cisco unified presence server 7.0\\(3\\) |
||
cisco unified presence server 6.0\\(4\\) |
||
cisco unified presence server 6.0\\(5\\) |
||
cisco unified presence server 7.0\\(6\\) |
||
cisco unified presence server 7.0\\(7\\) |
||
cisco unified presence server 6.0\\(6\\) |
||
cisco unified presence server 7.0 |
||
cisco unified presence server 6.0 |
||
cisco unified presence server 6.0\\(4.1101-5\\) |
||
cisco unified presence server 6.0\\(5.1101-1\\) |
||
cisco unified presence server 6.0\\(2.1101\\) |
||
cisco unified presence server 6.0\\(3.1101-2\\) |
||
cisco unified presence server 6.0.5.1102-1 |
||
cisco unified presence server 6.0\\(5.1103-2\\) |
||
cisco unified presence server 7.0.3.10103-2 |
||
cisco unified presence server 7.0.3.10102-3 |
||
cisco unified presence server 7.0.4.10101-2 |
Vulmon