Published: 12/08/2014 Updated: 29/08/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.9 | Exploitability Score: 8

VMScore: 605

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and previous versions allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that is not properly handled during processing of an XML document, aka Bug ID CSCtq76428.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco unified communications domain manager

A vulnerability in the Session Initiation Protocol (SIP) subsystem of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, remote attacker to trigger a denial of service condition The vulnerability is due to a failure by the SIP subsystem to properly sanitize Extensible Markup Language (XML) prior to passing it to ...

CWE-20 http://tools.cisco.com/security/center/viewAlert.x?alertId=35257 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3337 http://www.securitytracker.com/id/1030709 http://www.securityfocus.com/bid/69177 http://secunia.com/advisories/60088 https://exchange.xforce.ibmcloud.com/vulnerabilities/95245 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20140811-CVE-2014-3337

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-3337

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect