Lucene search

CiscoCISCO-SA-20100324-H323

HistoryMar 24, 2010 - 4:00 p.m.

Cisco IOS Software H.323 Denial of Service Vulnerabilities

2010-03-2416:00:00

tools.cisco.com

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.02 Low

EPSS

Percentile

88.7%

JSON

The H.323 implementation in Cisco IOS Software contains two
vulnerabilities that may be exploited remotely to cause a denial of service
(DoS) condition on a device that is running a vulnerable version of Cisco IOS
Software.

Cisco has released software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities
other than disabling H.323 on the vulnerable device if H.323 is not
required.

This advisory is posted at
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100324-h323[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100324-h323”].

Note: The March 24, 2010, Cisco IOS Software Security Advisory bundled
publication includes seven Security Advisories. All the advisories address
vulnerabilities in Cisco IOS Software. Each advisory lists the releases that
correct the vulnerability or vulnerabilities detailed in the advisory. The
table at the following URL lists releases that correct all Cisco IOS Software
vulnerabilities that have been published on March 24, 2010, or earlier:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100324-bundle[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100324-bundle”]

Individual publication links are in “Cisco Event Response:
Semiannual Cisco IOS Software Security Advisory Bundled Publication” at the
following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar10.html[“http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar10.html”]

CPENameOperatorVersion
ioseq12.2B
ioseq12.2YA
ioseq12.2YC
ioseq12.2YD
ioseq12.2YH
ioseq12.2BW
ioseq12.2MC
ioseq12.2MX
ioseq12.2YJ
ioseq12.2YT

Name	Operator	Version
ios	eq	12.2B
ios	eq	12.2YA
ios	eq	12.2YC
ios	eq	12.2YD
ios	eq	12.2YH
ios	eq	12.2BW
ios	eq	12.2MC
ios	eq	12.2MX
ios	eq	12.2YJ
ios	eq	12.2YT

Rows per page:

1-10 of 6481

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100324-h323

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.02 Low

EPSS

Percentile

88.7%

JSON

Related for CISCO-SA-20100324-H323