CVE-2009-2051

2009-08-2717:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2009-2051

cisco

ios

unified communications manager

dos

sip

invite

remote attackers

denial of service

6.7 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.012 Low

EPSS

Percentile

85.0%

JSON

Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987.

CPENameOperatorVersion
cisco:ioscisco iosle12.4
cisco:unified_communications_managercisco unified communications managerlt6.1\(4\)
cisco:unified_communications_managercisco unified communications managerlt5.1\(3g\)
cisco:unified_communications_managercisco unified communications managerlt7.1\(2\)
cisco:ios_xecisco ios xele2.6.1
cisco:ioscisco iosle15.1

CPE	Name	Operator	Version
cisco:ios	cisco ios	le	12.4
cisco:unified_communications_manager	cisco unified communications manager	lt	6.1\(4\)
cisco:unified_communications_manager	cisco unified communications manager	lt	5.1\(3g\)
cisco:unified_communications_manager	cisco unified communications manager	lt	7.1\(2\)
cisco:ios_xe	cisco ios xe	le	2.6.1
cisco:ios	cisco ios	le	15.1