Vulnerability Description
The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Presence Server | 6.0 |
Related Weaknesses (CWE)
References
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.sPatchVendor Advisory
- http://www.vupen.com/english/advisories/2010/2186
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.sPatchVendor Advisory
- http://www.vupen.com/english/advisories/2010/2186
FAQ
What is CVE-2010-2840?
CVE-2010-2840 is a vulnerability with a CVSS score of 7.8 (HIGH). The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which a...
How severe is CVE-2010-2840?
CVE-2010-2840 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2840?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Presence Server.