CVE-2002-0505

CWE-3994 documents4 sources
Severity
5.0MEDIUM
EPSS
0.8%
top 25.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Call Manager
Timeline
PublishedAug 12
Latest updateApr 30

Description

Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via incorrect passwords.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDcisco/call_manager3.0, 3.1+1

Patches

Patch: www.iss.netPatch: www.securityfocus.comPatch: www.iss.net

🔴Vulnerability Details

2
GHSA
GHSA-vwq6-34g6-9p39: Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 32022-04-30
CVEList
CVE-2002-0505: Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 32003-04-02

📋Vendor Advisories

1
Cisco
LDAP Connection Leak in CTI when User Authentication Fails2002-03-27
CVE-2002-0505 (MEDIUM CVSS 5) | Memory leak in the Call Telephony I | cvebase.io