CVE-2013-1220

CWE-119 — Buffer Overflow CWE-16 CWE-200 — Information Exposure CWE-22 — Path Traversal CWE-12205 documents5 sources

Severity

7.8HIGH

EPSS

0.4%

top 37.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Customer Voice Portal

Timeline

PublishedMay 9

Latest updateMay 17

Description

The CallServer component in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to cause a denial of service (call-acceptance outage) via malformed SIP INVITE messages, aka Bug ID CSCua65148.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/unified_customer_voice_portal9.0\(1\)+10

🔴Vulnerability Details

GHSA

GHSA-jggf-88rj-6q44: The CallServer component in Cisco Unified Customer Voice Portal (CVP) Software before 9↗2022-05-17

▶

CVEList

CVE-2013-1220: The CallServer component in Cisco Unified Customer Voice Portal (CVP) Software before 9↗2013-05-09

▶

📋Vendor Advisories

Red Hat

hw: AMD CPU erratum may cause core hang↗2013-11-28

▶

Cisco

Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software↗2013-05-08

▶