Lucene search

CiscoCISCO-SA-20151026-CUBE

HistoryOct 26, 2015 - 10:00 a.m.

Cisco Unified Border Element Denial of Service Vulnerability

2015-10-2610:00:00

tools.cisco.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.002

Percentile

56.2%

JSON

A vulnerability in the Session Initiation Protocol (SIP) functionality of Cisco Unified Border Element (CUBE) could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition.

The vulnerability is due to incorrect processing of SIP messages. An attacker could exploit this vulnerability by sending unsupported SIP messages to a CUBE.

Cisco has released software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151026-cube[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151026-cube”]

Affected configurations

Vulners

Node

ciscoiosMatchany

VendorProductVersionCPE
ciscoiosanycpe:2.3:o:cisco:ios:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios	any	cpe:2.3:o:cisco:ios:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151026-cube

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.002

Percentile

56.2%

JSON

Related for CISCO-SA-20151026-CUBE