Vulnerability Details : CVE-2011-2564
Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417.
Vulnerability category: Denial of service
Products affected by CVE-2011-2564
- cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:8.0\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:8.0\(2c\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:8.0\(2c\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:8.0\(3\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\)su2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:intercompany_media_engine:8.0\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:intercompany_media_engine:8.0\(3\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-2564
0.56%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 75 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-2564
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST |
References for CVE-2011-2564
-
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f533.shtml
Denial of Service Vulnerabilities in Cisco Intercompany Media Engine - CiscoVendor Advisory
-
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml
Cisco Unified Communications Manager Denial of Service Vulnerabilities - CiscoVendor Advisory
-
http://www.securitytracker.com/id?1025969
Cisco Intercompany Media Engine Bugs Let Remote Users Deny Service - SecurityTracker
Jump to