Vulnerability Description
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios | 12.1 |
| Cisco | Ios Xe | 2.5.0 |
| Cisco | Unified Communications Manager | 6.0 |
References
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.sPatchVendor Advisory
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a313.sPatchVendor Advisory
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.sPatchVendor Advisory
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a313.sPatchVendor Advisory
FAQ
What is CVE-2010-2835?
CVE-2010-2835 is a vulnerability with a CVSS score of 7.8 (HIGH). Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7....
How severe is CVE-2010-2835?
CVE-2010-2835 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2835?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios, Cisco Ios Xe, Cisco Unified Communications Manager.