Описание
CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950.
Ссылки
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 15.0\(1\)xa1 (исключая)
cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00851
Низкий
7.8 High
CVSS2
Дефекты
CWE-400
Связанные уязвимости
github
больше 3 лет назад
CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950.
EPSS
Процентиль: 74%
0.00851
Низкий
7.8 High
CVSS2
Дефекты
CWE-400