The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer vulnerability bulletin CVE-2009-2050 CVE-2009-2051 CVE-2009-2052

Cisco Unified Communications Manager: denials of service

Synthesis of the vulnerability

An attacker can use five vulnerabilities of Cisco Unified Communications Manager, in order to generate a denial of service.
Vulnerable systems: Cisco CallManager, Cisco CUCM.
Severity of this threat: 3/4.
Consequences of a hack: denial of service on service.
Pirate's origin: internet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 26/08/2009.
Références of this weakness: 110580, 110849, BID-36152, CERTA-2009-AVI-357, cisco-sa-20090826-cucm, CSCsi46466, CSCsq22534, CSCsx23689, CSCsx32236, CSCsz40392, CVE-2009-2050, CVE-2009-2051, CVE-2009-2052, CVE-2009-2053, CVE-2009-2054, VIGILANCE-VUL-8978.

Description of the vulnerability

An attacker can use five vulnerabilities of Cisco Unified Communications Manager, in order to generate a denial of service.

An attacker can use a SIP packet with a malformed header, in order to stop the service. [severity:3/4; CERTA-2009-AVI-357, CSCsi46466, CVE-2009-2050]

An attacker can use a malformed SIP INVITE packet, in order to stop the service. [severity:3/4; CSCsz40392, CVE-2009-2051]

An attacker can use several TCP sessions, in order to fill the firewall session table. [severity:2/4; CSCsq22534, CVE-2009-2052]

An attacker can use several SCCP sessions, in order to use all available file descriptors. [severity:2/4; CSCsx32236, CVE-2009-2053]

An attacker can use several SIP sessions, in order to use all available file descriptors. [severity:2/4; CSCsx23689, CVE-2009-2054]
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a computers vulnerabilities management. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce vulnerability database contains several thousand vulnerabilities.