CVSS: 7.8EPSS: 1%CPEs: 6EXPL: 0CVE-2009-2051
https://notcve.org/view.php?id=CVE-2009-2051
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987. Cisco Unified Communications Manager (también conocido como CUCM, formalmente CallManager) v4.x, v5.x anteriores a v5.1(3g), v6.x anteriores v6.1(4), y v7.x anteriores v7.1(2) permite a los atacantes remotos causar una denegación de servicio (parada del servicio de voz) a través de mensajes malformados SIP INVITE que lanzan una llamada incorrecta a la función sipSafeStrlen, también conocida como Bug ID CSCsz40392. • http://osvdb.org/57453 http://secunia.com/advisories/36498 http://secunia.com/advisories/36499 http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml http://www.securityfocus.com/bid/36152 http://www.securitytracker.com/id?1022775 •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2009-2052
https://notcve.org/view.php?id=CVE-2009-2052
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote attackers to cause a denial of service (TCP services outage) via a large number of TCP connections, related to "tracking of network connections," aka Bug IDs CSCsq22534 and CSCsw52371. Unified Communications Manager de Cisco (también conocido como CUCM, anteriormente CallManager) versión 4.x, versión 5.x anterior a 5.1 (3g), versión 6.x anterior a 6.1 (4), versión 7.0 anterior a 7.0 (2) y versión 7.1 anterior a 7.1 (2); y Unified Presence de Cisco versión 1.x, versión 6.x anterior a 6.0 (6) y versión 7.x anterior a 7.0 (4); permite a los atacantes remotos causar una denegación de servicio (interrupción de los servicios TCP) por medio de una gran cantidad de conexiones TCP, relacionadas con el "tracking of network connections," también conocida como Bug Id. CSCsq22534 y CSCsw52371. • http://secunia.com/advisories/36498 http://secunia.com/advisories/36499 http://secunia.com/advisories/37039 http://securitytracker.com/id?1023018 http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml http://www.securityfocus.com/bid/36152 http://www.securityfocus.com/bid/36676 http://www.securitytracker.com/id?1022775 http://www.vupen.com/english/advisories/2009/2915 •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2009-2053
https://notcve.org/view.php?id=CVE-2009-2053
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP outage) via a flood of TCP packets, aka Bug ID CSCsx32236. Cisco Unified Communications Manager (también conocido, formalmente CallManager) v4.x, v5.x anteriores a v5.1(3g), v6.x anteriores a v6.1(4), v7.0 anteriores a v7.0(2a)su1, y v7.1 anteriores a v7.1(2) permite a los atacantes remotos causar una denegación de servicio (agotamiento del descriptor de fichero y parada SCCP) a través de la inundación de paquetes TCP, también conocido como Bug ID CSCsx32236. • http://osvdb.org/57455 http://secunia.com/advisories/36498 http://secunia.com/advisories/36499 http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml http://www.securityfocus.com/bid/36152 http://www.securitytracker.com/id?1022775 •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2009-2054
https://notcve.org/view.php?id=CVE-2009-2054
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2a)su1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and SIP outage) via a flood of TCP packets, aka Bug ID CSCsx23689. Cisco Unified Communications Manager (también conocido como CUCM, formalmente CallManager) v4.x, v5.x anteriores a v5.1(3g), v6.x anteriores a v6.1(4), v7.0 anteriores a v7.0(2a)su1, y v7.1 anteriores a v7.1(2a)su1 permite a los atacantes remotos causar una denegación de servicio (agotamiento de la descripción del fichero y parada SIP) a través de una inundación de paquetes TCP, también conocido como Bug ID CSCsx23689. • http://osvdb.org/57456 http://secunia.com/advisories/36498 http://secunia.com/advisories/36499 http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml http://www.securityfocus.com/bid/36152 http://www.securitytracker.com/id?1022775 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.0EPSS: 0%CPEs: 30EXPL: 0CVE-2009-0632
https://notcve.org/view.php?id=CVE-2009-0632
The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x. La funcionalidad IP Phone Personal Address Book (PAB) Synchronizer en Cisco Unified Communications Manager (también conocido como CUCM, formalmente CallManager) v4.1, v4.2 anteriores v4.2(3)SR4b, v4.3 anteriores v4.3(2)SR1b, v5.x anteriores v5.1(3e), v6.x anteriores v6.1(3), y v7.0 anteriores v7.0(2) envía credenciales de cuentas privilegiadas del servicio directorio a el cliente en texto plano, lo que permite a los atacantes remotos modificar la configuración CUCM y desarrollar otros acciones privilegiadas interceptando estas credenciales, y usándola en peticiones no relativas a las tareas de sincronización establecidas, como se ha demostrado a través de (1) credenciales de la cuenta DC Directory en CUCM v4.x y (2) credenciales de cuenta TabSyncSysUser en CUCM v5.x hasta v7.x. • http://osvdb.org/52589 http://secunia.com/advisories/34238 http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a86434.html http://www.cisco.com/en/US/products/products_security_advisory09186a0080a8643c.shtml http://www.securityfocus.com/bid/34082 http://www.securitytracker.com/id?1021839 http://www.vupen.com/english/advisories/2009/0675 https://exchange.xforce.ibmcloud.com/vulnerabilities/49196 • CWE-255: Credentials Management Errors •