Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3949

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2012-3949
Last Modified 04 Jun 2013 11:36:53
Published 26 Sep 2012 08:55:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3949

Summary

The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664.

Vulnerable Systems

Operating System

  • Cisco Ios 15.0

  • Cisco Ios 15.0%281%29s1

  • Cisco Ios 15.0%281%29s2

  • Cisco Ios 15.0%281%29se

  • Cisco Ios 15.0m

  • Cisco Ios 15.0mr

  • Cisco Ios 15.0mra

  • Cisco Ios 15.0s

  • Cisco Ios 15.0sa

  • Cisco Ios 15.0sg

  • Cisco Ios 15.0xa

  • Cisco Ios 15.0xo

  • Cisco Ios 15.1

  • Cisco Ios 15.1%281%29xb1

  • Cisco Ios 15.1%282%29t

  • Cisco Ios 15.1%283%29t

  • Cisco Ios 15.1%284%29m

  • Cisco Ios 15.1%284%29m1

  • Cisco Ios 15.1ey

  • Cisco Ios 15.1gc

  • Cisco Ios 15.1m

  • Cisco Ios 15.1s

  • Cisco Ios 15.1t

  • Cisco Ios 15.1xb

  • Cisco Ios 15.2

  • Cisco Ios Xe 3.3.0sg

  • Cisco Ios Xe 3.3.1s

  • Cisco Ios Xe 3.3.1sg

  • Cisco Ios Xe 3.4.0as

  • Cisco Ios Xe 3.4.0s

  • Cisco Ios Xe 3.4.1s

  • Cisco Ios Xe 3.4.2s

  • Cisco Ios Xe 3.4.3s

  • Cisco Ios Xe 3.4.xs

  • Cisco Ios Xe 3.5.0s

  • Cisco Ios Xe 3.5.1s

  • Cisco Ios Xe 3.5.2s

  • Cisco Ios Xe 3.5.xs

Application

  • Cisco Unified Communications Manager 6.0%281a%29

  • Cisco Unified Communications Manager 6.0%281b%29

  • Cisco Unified Communications Manager 6.1%281%29

  • Cisco Unified Communications Manager 6.1%281a%29

  • Cisco Unified Communications Manager 6.1%281b%29

  • Cisco Unified Communications Manager 6.1%282%29

  • Cisco Unified Communications Manager 6.1%283%29

  • Cisco Unified Communications Manager 6.1%283a%29

  • Cisco Unified Communications Manager 6.1%283b%29

  • Cisco Unified Communications Manager 6.1%284%29

  • Cisco Unified Communications Manager 6.1%284a%29

  • Cisco Unified Communications Manager 6.1%284b%29

  • Cisco Unified Communications Manager 6.1%285%29

  • Cisco Unified Communications Manager 7.1%281%29

  • Cisco Unified Communications Manager 7.1%282%29

  • Cisco Unified Communications Manager 7.1%282a%29

  • Cisco Unified Communications Manager 7.1%282b%29

  • Cisco Unified Communications Manager 7.1%283%29

  • Cisco Unified Communications Manager 7.1%283a%29

  • Cisco Unified Communications Manager 7.1%283b%29

  • Cisco Unified Communications Manager 7.1%285%29

  • Cisco Unified Communications Manager 7.1%285a%29

  • Cisco Unified Communications Manager 7.1%285b%29

  • Cisco Unified Communications Manager 7.1%285b%29su1

  • Cisco Unified Communications Manager 7.1%285b%29su1a

  • Cisco Unified Communications Manager 7.1%285b%29su2

  • Cisco Unified Communications Manager 7.1%285b%29su3

  • Cisco Unified Communications Manager 7.1%285b%29su4

  • Cisco Unified Communications Manager 8.0

  • Cisco Unified Communications Manager 8.0%281%29

  • Cisco Unified Communications Manager 8.0%282%29

  • Cisco Unified Communications Manager 8.0%282a%29

  • Cisco Unified Communications Manager 8.0%282b%29

  • Cisco Unified Communications Manager 8.0%282c%29

  • Cisco Unified Communications Manager 8.0%283%29

  • Cisco Unified Communications Manager 8.0%283a%29

  • Cisco Unified Communications Manager 8.5%281%29su1

  • Cisco Unified Communications Manager 8.5%281%29su2

  • Cisco Unified Communications Manager 8.5%281%29su3


References

CISCO - 20120926 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

CISCO - 20120926 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability

BID - 55697

SECUNIA - 50774

OSVDB - 85816


Last Updated: 27 May 2016 11:00:48