63177 : Cisco IOS Unified Communications Manager Express SCCP Message Handling Unspecified Remote DoS (CSCsz49741)
http://osvdb.org/63177

Views This Week: 6
Views All Time: 788
Added to OSVDB: about 3 years ago
Last Modified: about 3 years ago
Modified (since 2008): 4 times
Percent Complete: 90%

Timeline

Disclosure Date: 2010-03-24
Time to Vendor Response: 0 days

Description

Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) is enabled, contains a flaw that may allow a remote denial of service (e.g., device reload). The issue is triggered when the Cisco IOS device processes specific, malformed Skinny Call Control Protocol (SCCP) messages, and will result in loss of availability for the device.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified

Solution

Migrate from vulnerable 12.1x versions to 12.2, or upgrade vulnerable 12.2x and 12.3x versions to 12.4 or higher, as this has been reported to fix the vulnerability. An upgrade is required because there are no known workarounds. Cisco recommends that users running unpatched versions contact their support organization for instructions on obtaining corrected software.

Products

Cisco Systems, Inc.
Cisco IOS
12.3B
12.2XB
12.2YD
12.3XF
12.3XU
12.2BX
12.2ZE
12.3XA
12.3JK
12.3T
12.1YD
12.2ZF
12.3XB
12.3YS
12.1YE
12.3XG
12.3XW
12.2BY
12.3XC
12.2MC
12.3YT
12.2YT
12.2ZH
12.3YU
12.1YI
12.2YH
12.3XI
12.2YU
12.4
12.2XG
12.3XJ
12.3XK
12.3YF
12.2YV
12.2XU
12.4MR
12.3XL
12.2YW
12.2ZL
12.4T
12.2YJ
12.2YY
12.2XT
12.3XQ
12.2YL
12.2ZB
12.2ZP
12.3YQ
12.2T
12.2YA
12.2YB
12.3XD
12.3XR
12.3YK
12.2YM
12.2ZC
12.3
12.2XM
12.2YC
12.3XE
12.2YN
12.2ZD
12.2TPC
12.3TPC
12.3XX
12.3XY
12.3XZ
12.3YM
12.3YX
12.3YZ
12.3ZA
12.4GC
12.4XA
12.4XB
12.4XC
12.4XD
12.4XE
12.4XG
12.4XJ
12.4XL
12.4XM
12.4XP
12.4XT
12.4XV
12.4XW
12.4XY
12.4XZ
12.4YA
12.4YB

References

Credit

Unknown or Incomplete

CVSSv2 Score

CVSSv2 Base Score = 7.8
Source: nvd.nist.gov | Generated: 2010-03-26

Access_vector_2 Access_complexity_2 Authentication_2 Confidentiality_impact_0 Integrity_impact_0 Availability_impact_2


© Copyright 2002 - 2013 Open Source Vulnerability Database (OSVDB), All Rights Reserved.