CVE-2009-2051 — Cisco Unified Communications Manager vulnerability

CWE-3995 documents4 sources

Severity

7.8HIGHNVD

EPSS

1.7%

top 17.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager Cisco IOS Cisco IOS XE

Timeline

PublishedAug 27

Latest updateMay 2

Description

Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

▶NVDcisco/unified_communications_manager5.0 — 5.1\(3g\)+2

▶NVDcisco/ios12.2 — 12.4+1

▶NVDcisco/ios_xe2.5.0 — 2.6.1

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-mp73-2m32-64h6: Cisco IOS 12↗2022-05-02

▶

CVEList

CVE-2009-2051: Cisco IOS 12↗2009-08-27

▶

📋Vendor Advisories

Cisco

Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities↗2010-09-22

▶

Cisco

Cisco Unified Communications Manager Denial of Service Vulnerabilities↗2009-08-26

▶