CVE-2005-2243: Missing Release of Memory after Effective Lifetime in Cisco Call Manager

4 documents, 4 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 0.7% (top 28.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jul 12
Latest update: May 1

Description

Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory consumption) via a large number of Admin Service Tool (AST) logins that fail.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: cisco/call_manager, 4 versions (+3)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-hgj9-xqq4-q8ww: Memory leak in inetinfo (2022-05-01)
CVEList: CVE-2005-2243: Memory leak in inetinfo (2005-07-12)

📋 Vendor Advisories (1)

Cisco: Cisco CallManager Memory Handling Vulnerabilities (2005-07-12)