CVE-2011-1604 — Missing Release of Memory after Effective Lifetime in Cisco Unified Communications Manager

CWE-3994 documents4 sources

Severity

7.1HIGHNVD

EPSS

2.0%

top 16.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager

Timeline

PublishedMay 3

Latest updateMay 17

Description

Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption and process failure) via a malformed SIP message, aka Bug ID CSCti42904.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/unified_communications_manager47 versions+46

🔴Vulnerability Details

GHSA

GHSA-fhvf-2vjr-3jh6: Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6↗2022-05-17

▶

CVEList

CVE-2011-1604: Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6↗2011-05-03

▶

💥Exploits & PoCs

Exploit-DB

W-Agora 4.2.1 - Multiple Arbitrary File Upload Vulnerabilities↗2007-03-20

▶