Lucene search
HistoryAug 26, 2010 - 9:00 p.m.
CVE-2010-2840
cisco
unified presence
pe service
denial of service
sip
vulnerability
cve-2010-2840
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
AI Score
6.7
Confidence
High
EPSS
0.003
Percentile
65.9%
The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629.
Affected configurations
Node
ciscounified_presence_serverMatch6.0
ORciscounified_presence_serverMatch6.0\(2\)
ORciscounified_presence_serverMatch6.0\(3\)
ORciscounified_presence_serverMatch6.0\(4\)
ORciscounified_presence_serverMatch6.0\(5\)
ORciscounified_presence_serverMatch6.0\(6\)
ORciscounified_presence_serverMatch7.0
ORciscounified_presence_serverMatch7.0\(2\)
ORciscounified_presence_serverMatch7.0\(3\)
ORciscounified_presence_serverMatch7.0\(4\)
ORciscounified_presence_serverMatch7.0\(5\)
ORciscounified_presence_serverMatch7.0\(6\)
ORciscounified_presence_serverMatch7.0\(7\)
Node
ciscounified_presence_serverMatch6.0\(2.1101\)
ORciscounified_presence_serverMatch6.0\(3.1101-2\)
ORciscounified_presence_serverMatch6.0\(4.1101-5\)
ORciscounified_presence_serverMatch6.0\(5.1101-1\)
ORciscounified_presence_serverMatch6.0\(5.1103-2\)
ORciscounified_presence_serverMatch6.0.5.1102-1
ORciscounified_presence_serverMatch7.0.3.10102-3
ORciscounified_presence_serverMatch7.0.3.10103-2
ORciscounified_presence_serverMatch7.0.4.10101-2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | unified_presence_server | 7.0%283%29 | cpe:/a:cisco:unified_presence_server:7.0%283%29::: |
| cisco | unified_presence_server | 6.0%283%29 | cpe:/a:cisco:unified_presence_server:6.0%283%29::: |
| cisco | unified_presence_server | 6.0%286%29 | cpe:/a:cisco:unified_presence_server:6.0%286%29::: |
| cisco | unified_presence_server | 6.0%285%29 | cpe:/a:cisco:unified_presence_server:6.0%285%29::: |
| cisco | unified_presence_server | 7.0 | cpe:/a:cisco:unified_presence_server:7.0::: |
| cisco | unified_presence_server | 6.0%284%29 | cpe:/a:cisco:unified_presence_server:6.0%284%29::: |
| cisco | unified_presence_server | 7.0%282%29 | cpe:/a:cisco:unified_presence_server:7.0%282%29::: |
| cisco | unified_presence_server | 7.0%284%29 | cpe:/a:cisco:unified_presence_server:7.0%284%29::: |
| cisco | unified_presence_server | 7.0%285%29 | cpe:/a:cisco:unified_presence_server:7.0%285%29::: |
| cisco | unified_presence_server | 7.0%286%29 | cpe:/a:cisco:unified_presence_server:7.0%286%29::: |
Related
nvd
nvd
CVE-2010-2840
2010-08-26 21:00:01
cvelist
cvelist
CVE-2010-2840
2010-08-26 20:00:00
prion
prion
Code injection
2010-08-26 21:00:00
securityvulns
securityvulns
Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities
2010-08-30 00:00:00
Cisco Unified Presence / Cisco Unified Communications Manager DoS
2010-09-27 00:00:00
cisco
cisco
Cisco Unified Presence Denial of Service Vulnerabilities
2010-08-25 16:00:00
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
AI Score
6.7
Confidence
High
EPSS
0.003
Percentile
65.9%
Related for CVE-2010-2840