CVE-2002-0505 : Memory leak in the Call Telephony Integration (CTI) Framework authentication for

Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via incorrect passwords.

Published 2002-08-12 04:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2002-0505

Cisco » Call Manager » Version: 3.0
cpe:2.3:h:cisco:call_manager:3.0:*:*:*:*:*:*:*
Matching versions
Cisco » Call Manager » Version: 3.1
cpe:2.3:h:cisco:call_manager:3.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2002-0505

EPSS FAQ

0.82%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 72 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2002-0505

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

References for CVE-2002-0505

http://www.cisco.com/warp/public/707/callmanager-ctifw-leak-pub.shtml
http://www.iss.net/security_center/static/8655.php

Patch;Vendor Advisory
http://www.securityfocus.com/bid/4370

Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2002-0505

Products affected by CVE-2002-0505

Exploit prediction scoring system (EPSS) score for CVE-2002-0505

CVSS scores for CVE-2002-0505

References for CVE-2002-0505