CVE-2011-1604

Current Description

Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption and process failure) via a malformed SIP message, aka Bug ID CSCti42904.

Basic Data

PublishedMay 03, 2011
Last ModifiedAugust 17, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-399
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score7.1
SeverityHIGH
Exploitability Score8.6
Impact Score6.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationCiscoUnified Communications Manager6.0*******
    2.3ApplicationCiscoUnified Communications Manager6.1(1)*******
    2.3ApplicationCiscoUnified Communications Manager6.1(1a)*******
    2.3ApplicationCiscoUnified Communications Manager6.1(1b)*******
    2.3ApplicationCiscoUnified Communications Manager6.1(2)*******
    2.3ApplicationCiscoUnified Communications Manager6.1(2)su1*******
    2.3ApplicationCiscoUnified Communications Manager6.1(2)su1a*******
    2.3ApplicationCiscoUnified Communications Manager6.1(3)*******
    2.3ApplicationCiscoUnified Communications Manager6.1(3a)*******
    2.3ApplicationCiscoUnified Communications Manager6.1(3b)*******
    2.3ApplicationCiscoUnified Communications Manager6.1(3b)su1*******
    2.3ApplicationCiscoUnified Communications Manager6.1(4)*******
    2.3ApplicationCiscoUnified Communications Manager6.1(4)su1*******
    2.3ApplicationCiscoUnified Communications Manager6.1(4a)*******
    2.3ApplicationCiscoUnified Communications Manager6.1(4a)su2*******
    2.3ApplicationCiscoUnified Communications Manager6.1(5)*******
    2.3ApplicationCiscoUnified Communications Manager6.1(5)su1*******
    2.3ApplicationCiscoUnified Communications Manager6.1(5)su2*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationCiscoUnified Communications Manager7.0(1)su1*******
    2.3ApplicationCiscoUnified Communications Manager7.0(1)su1a*******
    2.3ApplicationCiscoUnified Communications Manager7.0(2)*******
    2.3ApplicationCiscoUnified Communications Manager7.0(2a)*******
    2.3ApplicationCiscoUnified Communications Manager7.0(2a)su1*******
    2.3ApplicationCiscoUnified Communications Manager7.0(2a)su2*******
    2.3ApplicationCiscoUnified Communications Manager7.1(2a)*******
    2.3ApplicationCiscoUnified Communications Manager7.1(2a)su1*******
    2.3ApplicationCiscoUnified Communications Manager7.1(2b)*******
    2.3ApplicationCiscoUnified Communications Manager7.1(2b)su1*******
    2.3ApplicationCiscoUnified Communications Manager7.1(3)*******
    2.3ApplicationCiscoUnified Communications Manager7.1(3a)*******
    2.3ApplicationCiscoUnified Communications Manager7.1(3a)su1*******
    2.3ApplicationCiscoUnified Communications Manager7.1(3a)su1a*******
    2.3ApplicationCiscoUnified Communications Manager7.1(3b)*******
    2.3ApplicationCiscoUnified Communications Manager7.1(3b)su1*******
    2.3ApplicationCiscoUnified Communications Manager7.1(3b)su2*******
    2.3ApplicationCiscoUnified Communications Manager7.1(5)*******
    2.3ApplicationCiscoUnified Communications Manager7.1(5)su1*******
    2.3ApplicationCiscoUnified Communications Manager7.1(5)su1a*******
    2.3ApplicationCiscoUnified Communications Manager7.1(5a)*******
    2.3ApplicationCiscoUnified Communications Manager7.1(5b)*******
    2.3ApplicationCiscoUnified Communications Manager7.1(5b)su2*******
  • OR - Configuration 3
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationCiscoUnified Communications Manager8.0(2c)*******
    2.3ApplicationCiscoUnified Communications Manager8.0(2c)su1*******
    2.3ApplicationCiscoUnified Communications Manager8.0(3)*******
    2.3ApplicationCiscoUnified Communications Manager8.0(3a)*******
    2.3ApplicationCiscoUnified Communications Manager8.0(3a)su1*******
    2.3ApplicationCiscoUnified Communications Manager8.5*******

Vulnerable Software List

VendorProductVersions
Cisco Unified Communications Manager 6.0, 6.1(1), 6.1(1a), 6.1(1b), 6.1(2), 6.1(2)su1, 6.1(2)su1a, 6.1(3), 6.1(3a), 6.1(3b), 6.1(3b)su1, 6.1(4), 6.1(4)su1, 6.1(4a), 6.1(4a)su2, 6.1(5), 6.1(5)su1, 6.1(5)su2, 7.0(1)su1, 7.0(1)su1a, 7.0(2), 7.0(2a), 7.0(2a)su1, 7.0(2a)su2, 7.1(2a), 7.1(2a)su1, 7.1(2b), 7.1(2b)su1, 7.1(3), 7.1(3a), 7.1(3a)su1, 7.1(3a)su1a, 7.1(3b), 7.1(3b)su1, 7.1(3b)su2, 7.1(5), 7.1(5)su1, 7.1(5)su1a, 7.1(5a), 7.1(5b), 7.1(5b)su2, 8.0(2c), 8.0(2c)su1, 8.0(3), 8.0(3a), 8.0(3a)su1, 8.5

References

NameSourceURLTags
20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerabilityhttp://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.htmlFULLDISC
44331http://secunia.com/advisories/44331SECUNIA
20110427 Multiple Vulnerabilities in Cisco Unified Communications Managerhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtmlCISCOVendor Advisory
47609http://www.securityfocus.com/bid/47609BID
1025449http://www.securitytracker.com/id?1025449SECTRACK
ADV-2011-1122http://www.vupen.com/english/advisories/2011/1122VUPEN
ucm-sip-dos(67122)https://exchange.xforce.ibmcloud.com/vulnerabilities/67122XF