Vulnerability Details : CVE-2009-2051
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987.
Vulnerability category: Denial of service
Products affected by CVE-2009-2051
- cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
- Cisco » Unified Communications ManagerVersions from including (>=) 6.1\(1\) and before (<) 6.1\(4\)cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-2051
1.18%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 85 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-2051
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST |
References for CVE-2009-2051
-
http://www.securitytracker.com/id?1022775
GoDaddy Domain Name SearchThird Party Advisory;VDB Entry
-
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml
Products, Solutions, and Services - CiscoPatch;Vendor Advisory
-
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities - CiscoVendor Advisory
-
http://www.securityfocus.com/bid/36152
Third Party Advisory;VDB Entry
Jump to