Published: 03/05/2011 Updated: 17/08/2017
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
VMScore: 632
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Summary

Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x prior to 6.1(5)su3, 7.x prior to 7.1(5b)su3, 8.0 prior to 8.0(3a)su2, and 8.5 prior to 8.5(1) allows remote malicious users to cause a denial of service (memory consumption and process failure) via a malformed SIP message, aka Bug ID CSCti42904.

Affected Products

Vendor | Product | Versions
Cisco | Unified Communications Manager | 6.0, 6.1(1), 6.1(1a), 6.1(1b), 6.1(2), 6.1(2)su1, 6.1(2)su1a, 6.1(3), 6.1(3a), 6.1(3b), 6.1(3b)su1, 6.1(4), 6.1(4)su1, 6.1(4a), 6.1(4a)su2, 6.1(5), 6.1(5)su1, 6.1(5)su2, 7.0(1)su1, 7.0(1)su1a, 7.0(2), 7.0(2a), 7.0(2a)su1, 7.0(2a)su2, 7.1(2a), 7.1(2a)su1, 7.1(2b), 7.1(2b)su1, 7.1(3), 7.1(3a), 7.1(3a)su1, 7.1(3a)su1a, 7.1(3b), 7.1(3b)su1, 7.1(3b)su2, 7.1(5), 7.1(5)su1, 7.1(5)su1a, 7.1(5a), 7.1(5b), 7.1(5b)su2, 8.0(2c), 8.0(2c)su1, 8.0(3), 8.0(3a), 8.0(3a)su1, 8.5

Vendor Advisories

Cisco Unified Communications Manager (previously known as Cisco CallManager) contains the following vulnerabilities:
- Three (3) denial of service (DoS) vulnerabilities that affect Session Initiation Protocol (SIP) services
- Directory traversal vulnerability
- Two (2) SQL injection vulnerabilities
Cisco has released free software upd ...