Vulnerability Details: CVE-2011-2072
Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of service (memory consumption and device reload or process failure) via a malformed SIP message, aka Bug IDs CSCtl86047 and CSCto88686.
Vulnerability category: Denial of service
Products affected by CVE-2011-2072
- cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:15.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:6.1\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:6.1\(3\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:6.1\(1a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.0\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:6.1\(1b\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\)su1a:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:6.1\(4\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:6.1\(4\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:6.1\(4a\)su2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.0\(1\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(2a\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(2b\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\)su2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:8.0\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:6.1\(3a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:6.1\(3b\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:6.1\(3b\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.0\(2a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.0\(2a\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.0\(2a\)su2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(2a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:6.1\(5\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\)su1a:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:6.1\(4a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.0\(1\)su1a:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(2b\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(3\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(5a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:8.0\(2c\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:8.0\(2c\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:8.0\(3\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\)su1a:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:6.1\(5\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:8.0\(2a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:8.0\(2b\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su1a:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:8.0\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:6.1\(5\)su2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\)su2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.1.1s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.1.3s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.1.4s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.2.0s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.2.1s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.2.2s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.1.0s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.1.2s:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-2072
- EPSS score: 1.36% (probability of exploitation activity in the next 30 days)
- Percentile: ~84% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2011-2072
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
CWE ids for CVE-2011-2072
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2072
- http://tools.cisco.com/security/center/viewAlert.x?alertId=24129
  Cisco IOS Software and Cisco Unified Communications Manager Session Initiation Protocol Packet Handling Denial of Service Vulnerability
- http://www.securitytracker.com/id?1026110
  Cisco Unified Communications Manager SIP Processing Memory Leak Lets Remote Users Interrupt Voice Services - SecurityTracker
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm
  Cisco Unified Communications Manager Memory Leak Vulnerability
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d5a.shtml
  Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities - Cisco (Vendor Advisory)
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d58.shtml
  Cisco Unified Communications Manager Memory Leak Vulnerability - Cisco (Vendor Advisory)