Информационная безопасность
[RU] switch to English


DoS против Cisco Unified Communications Manager
Опубликовано:4 марта 2010 г.
Источник:
SecurityVulns ID:10667
Тип:удаленная
Уровень опасности:
5/10
Описание:Многочисленные уязвимости при разборе протоколов SIP и SCCP (Skinny), при разборе запросов CTI Manager (TCP/2748).
Затронутые продукты:CISCO : Unified Communications Manager 4.3
 CISCO : Unified Communications Manager 6.1
 CISCO : Unified Communications Manager 7.0
 CISCO : Unified Communications Manager 7.1
 CISCO : Unified Communications Manager 8.0
CVE:CVE-2010-0592 (The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows remote attackers to cause a denial of service (service failure) via a malformed message, aka Bug ID CSCsu31800.)
 CVE-2010-0591 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362.)
 CVE-2010-0590 (The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP Register message, aka Bug ID CSCtc37188.)
 CVE-2010-0588 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP (1) RegAvailableLines or (2) FwdStatReq message with an invalid Line number, aka Bug ID CSCtc47823.)
 CVE-2010-0587 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP StationCapabilitiesRes message with an invalid MaxCap field, aka Bug ID CSCtc38985.)
Оригинальный текстdocumentCISCO, Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities (04.03.2010)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород