18 matches found
CVE-2008-3800
CVE-2008-3800 affects Cisco IOS 12.2–12.4 with VoIP and Cisco Unified Communications Manager 4.1–6.1. A DoS can be triggered by processing specific valid SIP messages, causing a reload of the device or main CCM process. The vulnerability is tied to Cisco bug CSCsu38644. Affected CUCM/IOS versions...
CVE-2008-3801
CVE-2008-3801 affects Cisco IOS 12.2–12.4 and Cisco Unified Communications Manager (CUCM) 4.1–6.1 when VoIP is enabled. Affected SIP processing of valid SIP messages can cause the CCM/IOS DPS to reload, resulting in DoS (service disruption). Cisco advisories list fixed releases: CUCM 4.1(3)SR8, 4...
CVE-2007-1826
CVE-2007-1826 affects Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3). The issue is an unspecified vulnerability that lets remote attackers cause a denial of service (loss of cluster services) by sending a specific UDP packet to UD...
CVE-2008-0027
CVE-2008-0027 corresponds to a heap overflow in Cisco Unified Communications Manager’s CTL Provider service (CTLProvider.exe). The flaw; occurs in CUCM 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and in CallManager 4.0/4.1 before 4.1(3)SR5c; the CTL Provider listens on TCP port 2444 and proces...
CVE-2009-2864
Cisco Unified Communications Manager (CUCM) versions affected: 5.x before 5.1(3g); 6.x before 6.1(4); 7.0.x before 7.0(2a)su1; 7.1.x before 7.1(2). Root cause is a denial-of-service in the SIP handling that can crash/restart the CM process when processing crafted SIP messages. CVSS base score in ...
CVE-2007-1833
The CVE-2007-1833 issue affects Cisco Unified CallManager (CUCM) across multiple releases: 3.3 before 3.3(5)SR2a, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0 before 5.0(4a)SU1. The Skinny Call Control Protocol (SCCP) implementation allows remote attackers to cause a denial of service (los...
CVE-2008-1744
CVE-2008-1744 affects Cisco Unified Communications Manager (CUCM) CAPF (Certificate Authority Proxy Function) across CUCM 4.1/4.2/4.3 with specific SR updates. The CAPF service, normally TCP 3804 and disabled by default, may be abused by remote malformed network traffic to trigger a denial-of-ser...
CVE-2007-1834
CVE-2007-1834 affects Cisco Unified CallManager (CUCM) 5.0 prior to 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 prior to 1.0(3). The vulnerability allows unauthenticated, remote attackers to cause a denial of service (loss of voice services) by sending a flood of ICMP echo requests. R...
CVE-2008-0026
Cisco Unified CallManager/Communications Manager (CUCM) versions affected: 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a). A SQL injection vulnerability exists in the key parameter of the admin and user interface pages, allowing an authenticated remote attacker to inject SQL commands. The atta...
CVE-2007-5538
CVE-2007-5538 describes a buffer overflow in the Centralized TFTP File Locator Service of Cisco Unified Communications Manager (CUCM) (formerly CallManager) 5.1 before 5.1(3) and Unified CallManager 5.0. The vulnerability occurs during processing of filenames, allowing remote attackers to execute...
CVE-2006-3592
Cisco Unified CallManager (CUCM) 5.0(1)–5.0(3a) contains an unspecified CLI vulnerability (bug CSCse11005) that allows local users to execute arbitrary commands with elevated privileges via certain CLI commands. Affected component: CLI in CUCM. Root cause: unspecified vectors within the CLI comma...
CVE-2006-3594
CVE-2006-3594 refers to a buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1)–5.0(3a) that lets remote attackers execute arbitrary code via a long hostname in a SIP request (bug CSCsd96542). The issue affects CUCM and is ranked HIGH with CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:...
CVE-2006-5553
Cisco Security Agent (CSA) for Linux is affected in 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as deployed with Unified CallManager (CUCM) and Unified Presence Server (CUPS). The issue allows remote attackers to cause a denial of service (resource consumption) via a port scan with certain opt...
CVE-2015-0680
Cisco Unified Call Manager (CM) 9.1(2.1000.28) is affected by an arbitrary file-read vulnerability caused by improper restriction of resource requests. An authenticated, remote attacker could read arbitrary files on the targeted device via unspecified vectors. This requires authentication, mitiga...
CVE-2006-5277
CVE-2006-5277 affects Cisco Unified Communications Manager (CUCM) prior to 20070711, due to an off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) that can trigger a heap-based buffer overflow. The vulnerability could allow a remote attacker to execute arbitrar...
CVE-2006-3593
CVE-2006-3593 affects Cisco Unified CallManager (CUCM) in versions 5.0(1) through 5.0(3a). The vulnerability enables local users to overwrite arbitrary files by redirecting a command’s output to a file or folder, described as bug CSCse31704. The connected documents confirm the affected product an...
CVE-2006-5278
CVE-2006-5278 affects Cisco Unified Communications Manager (CUCM) RIS Data Collector (RisDC.exe). The issue is an integer overflow that can cause a heap-based buffer overflow when processing crafted packets, enabling remote code execution. Public references document the vulnerability as a pre-200...
CVE-2007-5537
CVE-2007-5537 affects Cisco Unified Communications Manager (CUCM, former CallManager) 5.1 before 5.1(2) and Unified CallManager 5.0. The vulnerability allows remote attackers to cause a denial of service (kernel panic) by sending a flood of SIP INVITE messages to UDP port 5060, triggering resourc...