CVE-2009-2051

high

Description

Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987.

References

http://www.securitytracker.com/id?1022775

http://www.securityfocus.com/bid/36152

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml

http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml

http://secunia.com/advisories/36499

http://secunia.com/advisories/36498

Details

Source: Mitre, NVD

Published: 2009-08-27

Updated: 2021-10-06

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High