Code injection

2009-08-2717:00:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.1%

JSON

Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987.

CPENameOperatorVersion
iosge12.2
iosle12.4
iosge15.0
iosle15.1
ios_xege2.5.0
ios_xele2.6.1
unified_communications_managereq>= 6.11 AND < 6.14
unified_communications_managerge5.0
unified_communications_managerlt5.1
unified_communications_managerge7.1

Name	Operator	Version
ios	ge	12.2
ios	le	12.4
ios	ge	15.0
ios	le	15.1
ios_xe	ge	2.5.0
ios_xe	le	2.6.1
unified_communications_manager	eq	>= 6.11 AND < 6.14
unified_communications_manager	ge	5.0
unified_communications_manager	lt	5.1
unified_communications_manager	ge	7.1