Published: 03/05/2011 Updated: 17/08/2017
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x prior to 6.1(5)su2, 7.x prior to 7.1(5b)su2, 8.0 prior to 8.0(3), and 8.5 prior to 8.5(1) allows remote malicious users to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCth39586.

Affected Products

Vendor | Product | Versions
Cisco | Unified Communications Manager | 6.0, 6.1(1), 6.1(1a), 6.1(1b), 6.1(2), 6.1(2)su1, 6.1(2)su1a, 6.1(3), 6.1(3a), 6.1(3b), 6.1(3b)su1, 6.1(4), 6.1(4)su1, 6.1(4a), 6.1(4a)su2, 6.1(5), 6.1(5)su1, 7.0(1)su1, 7.0(1)su1a, 7.0(2), 7.0(2a), 7.0(2a)su1, 7.0(2a)su2, 7.1(2a), 7.1(2a)su1, 7.1(2b), 7.1(2b)su1, 7.1(3), 7.1(3a), 7.1(3a)su1, 7.1(3a)su1a, 7.1(3b), 7.1(3b)su1, 7.1(3b)su2, 7.1(5), 7.1(5)su1, 7.1(5)su1a, 7.1(5a), 7.1(5b), 8.0(2c), 8.0(2c)su1, 8.0(3), 8.0(3a), 8.0(3a)su1, 8.0(3a)su2, 8.5

Vendor Advisories

Cisco Unified Communications Manager (previously known as Cisco CallManager) contains the following vulnerabilities:

- Three (3) denial of service (DoS) vulnerabilities that affect Session Initiation Protocol (SIP) services
- Directory transversal vulnerability
- Two (2) SQL injection vulnerabilities

Cisco has released free software upd ...