Vulnerability Description
The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point (MTP), which allows remote attackers to cause a denial of service (service outage) via a crafted call, aka Bug ID CSCtc61990.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Communications Manager | 7.0\(1\)su1 |
Related Weaknesses (CWE)
References
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.sVendor Advisory
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.sVendor Advisory
FAQ
What is CVE-2011-2561?
CVE-2011-2561 is a vulnerability with a CVSS score of 7.1 (HIGH). The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situ...
How severe is CVE-2011-2561?
CVE-2011-2561 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-2561?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Communications Manager.