CVE-2006-0374

Current Description

Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) cause a denial of service (fill the Windows Service Manager communication queue) via a large number of TCP connections to port 2001, 2002, or 7727.

Basic Data

PublishedJanuary 22, 2006
Last ModifiedJuly 20, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score7.8
SeverityHIGH
Exploitability Score10.0
Impact Score6.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3HardwareCiscoCall Manager********
    2.3HardwareCiscoCall Manager1.0*******
    2.3HardwareCiscoCall Manager2.0*******
    2.3HardwareCiscoCall Manager3.0*******
    2.3HardwareCiscoCall Manager3.1*******
    2.3HardwareCiscoCall Manager3.1(2)*******
    2.3HardwareCiscoCall Manager3.1(3a)*******
    2.3HardwareCiscoCall Manager3.2*******
    2.3HardwareCiscoCall Manager3.3*******
    2.3HardwareCiscoCall Manager3.3(3)*******
    2.3HardwareCiscoCall Manager3.3(3)es61*******
    2.3HardwareCiscoCall Manager3.3(4)es25*******
    2.3HardwareCiscoCall Manager3.3(5)*******
    2.3HardwareCiscoCall Manager3.3(5)es30*******
    2.3HardwareCiscoCall Manager4.0*******
    2.3HardwareCiscoCall Manager4.0(2a)es40*******
    2.3HardwareCiscoCall Manager4.0(2a)es62*******
    2.3HardwareCiscoCall Manager4.0(2a)sr2b*******
    2.3HardwareCiscoCall Manager4.1(2)es33*******
    2.3HardwareCiscoCall Manager4.1(2)es55*******
    2.3HardwareCiscoCall Manager4.1(3)es07*******
    2.3HardwareCiscoCall Manager4.1(3)es32*******
    2.3HardwareCiscoCall Manager4.1(3)sr1*******

Vulnerable Software List

VendorProductVersions
Cisco Call Manager *, 1.0, 2.0, 3.0, 3.1, 3.1(2), 3.1(3a), 3.2, 3.3, 3.3(3), 3.3(3)es61, 3.3(4)es25, 3.3(5), 3.3(5)es30, 4.0, 4.0(2a)es40, 4.0(2a)es62, 4.0(2a)sr2b, 4.1(2)es33, 4.1(2)es55, 4.1(3)es07, 4.1(3)es32, 4.1(3)sr1

References

NameSourceURLTags
18494http://secunia.com/advisories/18494SECUNIAPatch Vendor Advisory
359http://securityreason.com/securityalert/359SREASON
1015503http://securitytracker.com/id?1015503SECTRACK
20060118 Cisco Call Manager Denial of Servicehttp://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtmlCISCO
22622http://www.osvdb.org/22622OSVDB
22623http://www.osvdb.org/22623OSVDB
16295http://www.securityfocus.com/bid/16295BID
ADV-2006-0249http://www.vupen.com/english/advisories/2006/0249VUPEN
cisco-callmanager-port-connection-dos(24180)https://exchange.xforce.ibmcloud.com/vulnerabilities/24180XF