CVE-2009-2051 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2009-2051?

CVE-2009-2051 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-2051?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Communications Manager, Cisco Ios, Cisco Ios Xe.

Vulnerability Description

Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987.

CVSS Score

7.8

HIGH

AV:N/AC:L/Au:N/C:N/I:N/A:C

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Cisco	Unified Communications Manager	>= 5.0, < 5.1\(3g\)
Cisco	Ios	>= 12.2, <= 12.4
Cisco	Ios Xe	>= 2.5.0, <= 2.6.1

References

http://osvdb.org/57453Broken Link
http://secunia.com/advisories/36498Third Party Advisory
http://secunia.com/advisories/36499Third Party Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.sPatchVendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.sVendor Advisory
http://www.securityfocus.com/bid/36152Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1022775Third Party AdvisoryVDB Entry
http://osvdb.org/57453Broken Link
http://secunia.com/advisories/36498Third Party Advisory
http://secunia.com/advisories/36499Third Party Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.sPatchVendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.sVendor Advisory
http://www.securityfocus.com/bid/36152Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1022775Third Party AdvisoryVDB Entry

FAQ

What is CVE-2009-2051?

CVE-2009-2051 is a vulnerability with a CVSS score of 7.8 (HIGH). Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x bef...

How severe is CVE-2009-2051?

CVE-2009-2051 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-2051?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Communications Manager, Cisco Ios, Cisco Ios Xe.