Vulnerability Details : CVE-2010-4687
STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552.
Vulnerability category: Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-4687
Probability of exploitation activity in the next 30 days: 0.26%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 63 %
CVSS scores for CVE-2010-4687
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
CWE ids for CVE-2010-4687
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4687
- http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf
  Release Notes; Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64584
  Cisco IOS STCAPP denial of service CVE-2010-4687 Vulnerability Report. Third Party Advisory; VDB Entry
- http://www.securityfocus.com/bid/45769
  Cisco IOS Denial of Service and Security Bypass Vulnerabilities. Third Party Advisory; VDB Entry
Products affected by CVE-2010-4687
- cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*