Vulnerability Details : CVE-2011-4019
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883.
Vulnerability category: Denial of service
Products affected by CVE-2011-4019
- cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:15.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:15.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.0\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.0\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.0\(1\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(2a\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(2b\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\)su2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.0\(2a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.0\(2a\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.0\(2a\)su2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(2a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\)su1a:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.0\(1\)su1a:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(2b\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(3\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(5a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\)su1a:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su1a:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.0_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-4019
0.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 58 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-4019
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.4
|
MEDIUM | AV:N/AC:H/Au:N/C:N/I:N/A:C |
4.9
|
6.9
|
NIST |
CWE ids for CVE-2011-4019
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4019
-
http://www.cisco.com/web/software/282074295/90289/cucm-readme-715bsu5.pdf
-
http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151TCAVS.html
Cross-Platform Release Notes for Cisco IOS Release 15.1M&T - Release 15.1(1)T Caveats [Cisco IOS 15.1M&T] - Cisco
Jump to