5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.018 Low
EPSS
Percentile
88.2%
Cisco Internetwork Operating System (IOS®) Software release trains
12.1YD, 12.2T, 12.3 and 12.3T, when configured for the Cisco IOS Telephony
Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site
Telephony (SRST) may contain a vulnerability in processing certain malformed
control protocol messages.
A successful exploitation of this vulnerability may cause a reload of
the device and could be exploited repeatedly to produce a Denial of Service
(DoS). This advisory is available at
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20050119-itscme[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20050119-itscme”]
Cisco has made free software upgrades available to address this
vulnerability for all affected customers. There are workarounds available to
mitigate the effects of the vulnerability.
This vulnerability is documented by Cisco bug ID CSCee08584.