2012-09-27 02:55:00 2017-08-29 17:29:40

The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE
Cisco IOS 12.2XR Cisco IOS 12.2XQ Cisco IOS 12.3JA Cisco IOS 12.2XO Cisco IOS 12.2CX Cisco IOS 12.2CY Cisco IOS 12.2BC Cisco IOS 15.2 Cisco IOS 12.2SE Cisco IOS 12.2SB Cisco IOS 15.0 Cisco IOS 15.1 Cisco IOS 12.2SM Cisco IOS 12.2BY Cisco IOS 12.2BZ Cisco IOS 12.2SG Cisco IOS 12.2BW Cisco IOS 12.2BX Cisco IOS XE 3.3.1s Cisco IOS 12.2SXF Cisco IOS 12.2SXI Cisco Ios 12.2rc (not an official CPE) Cisco IOS 12.2SXA Cisco IOS 12.2SGA Cisco IOS 12.2DD Cisco IOS 12.2T Cisco IOS 12.2S Cisco IOS 12.2DA Cisco IOS 12.2SXB Cisco IOS 12.2SXE Cisco Ios 12.2l (not an official CPE) Cisco IOS 12.2SXD Cisco IOS 12.3B Cisco Ios 15.1(4)m1 (not an official CPE) Cisco IOS XE 3.4.3s Cisco IOS XE 3.5.0s Cisco IOS 12.2SED Cisco IOS 12.2SEC Cisco IOS 12.2DX Cisco IOS 12.2SEF Cisco IOS 12.2SEE Cisco IOS 12.2SU Cisco Ios 15.0mr (not an official CPE) Cisco Ios 12.2sr (not an official CPE) Cisco IOS 12.2CA Cisco IOS 12.2SZ Cisco IOS 12.2SY Cisco IOS 12.2SVE Cisco IOS 12.2SX Cisco IOS 12.2SVD Cisco IOS 12.2SW Cisco IOS 12.2SV Cisco IOS 12.2B Cisco IOS 12.2SEG Cisco IOS 12.2IRB Cisco IOS 12.3VA Cisco IOS 12.2CZ Cisco IOS 12.2SEB Cisco IOS 12.2 SEA Cisco IOS 12.2XNB Cisco IOS XE 3.4.0as Cisco IOS XE 3.4.1s Cisco IOS 12.2XND Cisco IOS 12.2XNC Cisco IOS 12.2SCB Cisco IOS 12.2SCA Cisco Ios 15.0mra (not an official CPE) Cisco IOS 12.3T Cisco Ios 15.1(2)t (not an official CPE) Cisco IOS XE 3.4.2s Cisco IOS 12.2ZP Cisco Ios 15.0sa (not an official CPE) Cisco IOS 12.2SBC Cisco IOS 12.3BC Cisco Ios 15.1ey (not an official CPE) Cisco IOS 12.2EWA Cisco IOS 12.3BW Cisco IOS XE 3.3.0SG Cisco IOS 12TPC Cisco IOS 12.2SRA Cisco IOS XE 3.4.0s Cisco IOS 12.2SRC Cisco IOS 12.2SRB Cisco Ios 15.1(3)t (not an official CPE) Cisco Ios 15.0sg (not an official CPE) Cisco IOS 12.2ZY Cisco IOS 12.2ZX Cisco IOS 12.2ZU Cisco IOS XE 3.5.2s Cisco IOS XE 3.3.1SG Cisco IOS 12.2YZ Cisco IOS 12.2YY Cisco IOS 12.2YX Cisco IOS 12.2YW Cisco IOS 12.2YV Cisco Ios 15.0xo (not an official CPE) Cisco IOS 12.2YU Cisco IOS 12.2YT Cisco IOS 12.2ZD Cisco IOS 12.2ZC Cisco IOS 12.2ZB Cisco IOS 12.2ZA Cisco IOS 12.2ZL Cisco IOS 12.2ZJ Cisco Ios 15.0xa (not an official CPE) Cisco IOS 12.2ZH Cisco IOS XE 3.4.xS Cisco IOS 12.2ZG Cisco IOS 12.2ZF Cisco IOS 12.2ZE Cisco Ios 15.1(4)m (not an official CPE) Cisco IOS 12.2EX Cisco IOS 12.3XL Cisco IOS 12.2EY Cisco IOS 12.3XK Cisco IOS 12.2EZ Cisco Ios 15.1s (not an official CPE) Cisco Ios 15.1t (not an official CPE) Cisco IOS 12.2TPC Cisco Ios 15.1m (not an official CPE) Cisco IOS 12.2 Cisco IOS 12.3 Cisco IOS 12.2MB Cisco Ios 15.0s (not an official CPE) Cisco Ios 15.1xb (not an official CPE) Cisco Ios 15.0m (not an official CPE) Cisco IOS XE 3.5.1s Cisco Ios 15.1gc (not an official CPE) Cisco IOS 12.2XC Cisco IOS 12.2XD Cisco IOS 12.2XE Cisco IOS 12.2XF Cisco IOS 12.2XG Cisco IOS 12.2XH Cisco IOS 12.2XI Cisco IOS 12.2XJ Cisco IOS 12.3ZA Cisco IOS 12.2XA Cisco IOS 12.2XB Cisco IOS 12.3YS Cisco IOS 12.3YT Cisco IOS 12.3YU Cisco IOS 12.3YX Cisco IOS 12.3YZ Cisco IOS 12.2YL Cisco IOS 12.2YM Cisco IOS 12.2YN Cisco IOS 12.2YO Cisco IOS 12.2YP Cisco IOS 12.2YQ Cisco IOS 12.2YR Cisco IOS 12.2YS Cisco IOS 12.2YD Cisco IOS 12.2YE Cisco IOS 12.2YF Cisco IOS 12.2YG Cisco IOS 12.2YH Cisco IOS 12.3JX Cisco IOS 12.2YJ Cisco IOS 12.2YK Cisco IOS 12.3JL Cisco IOS 12.2ZYA Cisco IOS 12.2YA Cisco IOS 12.2YB Cisco IOS 12.2YC Cisco IOS 12.2XS Cisco IOS 12.2XT Cisco IOS 15.0 (1)SE Cisco IOS 12.2XU Cisco IOS 12.2XV Cisco Ios 15.1(1)xb1 (not an official CPE) Cisco IOS 12.2XW Cisco IOS 12.3JEC Cisco IOS 12.3JEA Cisco IOS 12.3JEB Cisco IOS 12.3JK Cisco IOS 12.3XQ Cisco IOS 12.3XB Cisco IOS 12.3XC Cisco IOS 12.3XD Cisco IOS 12.3XE Cisco IOS 12.2EW Cisco IOS 12.2IXF Cisco IOS 12.3XF Cisco IOS 12.2IXG Cisco IOS 12.3XG Cisco IOS 12.2IXD Cisco IOS 12.2IXE Cisco IOS 12.3XI Cisco IOS 12.3XA Cisco Ios 15.0(1)s2 (not an official CPE) Cisco Ios 15.0(1)s1 (not an official CPE) Cisco IOS XE 3.5.xS Cisco IOS 12.2IXB Cisco IOS 12.3YK Cisco IOS 12.2IXC Cisco IOS 12.2FZ Cisco IOS 12.3YM Cisco IOS 12.2FY Cisco IOS 12.2IXA Cisco IOS 12.3YQ Cisco IOS 12.3YD Cisco IOS 12.3YF Cisco IOS 12.2FX Cisco IOS 12.3YG Cisco IOS 12.3YH Cisco IOS 12.3YJ Cisco IOS 12.3XZ Cisco IOS 12.2SVC Cisco IOS 12.3YA Cisco IOS 12.2SVA Cisco IOS 12.3XR Cisco IOS 12.3XS Cisco IOS 12.3XU Cisco IOS 12.3XW Cisco IOS 12.3XX Cisco IOS 12.3XY Cisco IOS 12.2XK Cisco IOS 12.2XL Cisco IOS 12.2XM Cisco IOS 12.2XN
Cisco Unified Communications Manager 6.0(1b) Cisco Unified Communications Manager 8.0(3a) Cisco Unified Communications Manager 8.0 Cisco Unified communications manager 6.1(4b) (not an official CPE) Cisco Unified Communications Manager 6.1(5) Cisco Unified Communications Manager 6.1(1a) Cisco Unified Communications Manager 8.0(2a) Cisco Unified Communications Manager 7.1(3b) Cisco Unified Communications Manager 6.1(1b) Cisco Unified Communications Manager 6.1(3) Cisco Unified Communications Manager 8.0(2c) Cisco Unified communications manager 7.1(2) (not an official CPE) Cisco Unified Communications Manager 8.5(1)su1 Cisco Unified Communications Manager 8.5(1)su2 Cisco Unified Communications Manager 6.1(1) Cisco Unified communications manager 7.1(1) (not an official CPE) Cisco Unified Communications Manager 8.5(1)su3 Cisco Unified Communications Manager 6.1(3a) Cisco Unified Communications Manager 7.1(5b)su1a Cisco Unified Communications Manager 6.1(3b) Cisco Unified Communications Manager 6.1(2) Cisco Unified Communications Manager 7.1(5a) Cisco Unified Communications Manager 6.1(4a) Cisco Unified Communications Manager 8.0(1) Cisco Unified Communications Manager 7.1(5) Cisco Unified Communications Manager 8.0(2b) Cisco Unified Communications Manager 7.1(3a) Cisco Unified Communications Manager 7.1(5b) Cisco Unified Communications Manager 6.0(1a) Cisco Unified Communications Manager 7.1(5b)su1 Cisco Unified Communications Manager 7.1(2a) Cisco Unified Communications Manager 7.1(5b)su4 Cisco Unified Communications Manager 7.1(5b)su2 Cisco Unified Communications Manager 7.1(5b)su3 Cisco Unified Communications Manager 6.1(4) Cisco Unified Communications Manager 8.0(2) Cisco Unified Communications Manager 7.1(3) Cisco Unified Communications Manager 8.0(3) Cisco Unified Communications Manager 7.1(2b)

Improper Input Validation (ID 20)

Related CAPEC 58 Buffer Overflow via Environment Variables (CAPEC-ID 10) Server Side Include (SSI) Injection (CAPEC-ID 101) Cross Zone Scripting (CAPEC-ID 104) Cross Site Scripting through Log Files (CAPEC-ID 106) Command Line Execution through SQL Injection (CAPEC-ID 108) Object Relational Mapping Injection (CAPEC-ID 109) SQL Injection through SOAP Parameter Tampering (CAPEC-ID 110) Subverting Environment Variable Values (CAPEC-ID 13) Format String Injection (CAPEC-ID 135) LDAP Injection (CAPEC-ID 136) Relative Path Traversal (CAPEC-ID 139) Client-side Injection-induced Buffer Overflow (CAPEC-ID 14) Variable Manipulation (CAPEC-ID 171) Embedding Scripts in Non-Script Elements (CAPEC-ID 18) Flash Injection (CAPEC-ID 182) Cross-Site Scripting Using Alternate Syntax (CAPEC-ID 199) Exploiting Trust in Client (aka Make the Client Invisible) (CAPEC-ID 22) XML Nested Payloads (CAPEC-ID 230) XML Oversized Payloads (CAPEC-ID 231) Filter Failure through Buffer Overflow (CAPEC-ID 24) Cross-Site Scripting via Encoded URI Schemes (CAPEC-ID 244) XML Injection (CAPEC-ID 250) Environment Variable Manipulation (CAPEC-ID 264) Global variable manipulation (CAPEC-ID 265) Leverage Alternate Encoding (CAPEC-ID 267) Fuzzing (CAPEC-ID 28) Using Leading 'Ghost' Character Sequences to Bypass Input Filters (CAPEC-ID 3) Accessing/Intercepting/Modifying HTTP Cookies (CAPEC-ID 31) Embedding Scripts in HTTP Query Strings (CAPEC-ID 32) MIME Conversion (CAPEC-ID 42) Exploiting Multiple Input Interpretation Layers (CAPEC-ID 43) Buffer Overflow via Symbolic Links (CAPEC-ID 45) Overflow Variables and Tags (CAPEC-ID 46) Buffer Overflow via Parameter Expansion (CAPEC-ID 47) Signature Spoof (CAPEC-ID 473) XML Client-Side Attack (CAPEC-ID 484) Embedding NULL Bytes (CAPEC-ID 52) Postfix, Null Terminate, and Backslash (CAPEC-ID 53) Simple Script Injection (CAPEC-ID 63) Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64) SQL Injection (CAPEC-ID 66) String Format Overflow in syslog() (CAPEC-ID 67) Blind SQL Injection (CAPEC-ID 7) Using Unicode Encoding to Bypass Validation Logic (CAPEC-ID 71) URL Encoding (CAPEC-ID 72) User-Controlled Filename (CAPEC-ID 73) Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78) Using Slashes in Alternate Encoding (CAPEC-ID 79) Buffer Overflow in an API Call (CAPEC-ID 8) Using UTF-8 Encoding to Bypass Validation Logic (CAPEC-ID 80) Web Logs Tampering (CAPEC-ID 81) XPath Injection (CAPEC-ID 83) AJAX Fingerprinting (CAPEC-ID 85) Embedding Script (XSS) in HTTP Headers (CAPEC-ID 86) OS Command Injection (CAPEC-ID 88) Buffer Overflow in Local Command-Line Utilities (CAPEC-ID 9) XSS in IMG Tags (CAPEC-ID 91) XML Parser Attack (CAPEC-ID 99)