Lucene search

[email protected]CVE-2010-2840

HistoryAug 26, 2010 - 9:00 p.m.

CVE-2010-2840

2010-08-2621:00:01

CWE-20

[email protected]

web.nvd.nist.gov

cisco

unified presence

pe service

denial of service

sip

vulnerability

cve-2010-2840

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

6.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.9%

JSON

The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629.

Affected configurations

NVD

Node

ciscounified_presence_serverMatch6.0

ciscounified_presence_serverMatch6.0\(2\)

ciscounified_presence_serverMatch6.0\(3\)

ciscounified_presence_serverMatch6.0\(4\)

ciscounified_presence_serverMatch6.0\(5\)

ciscounified_presence_serverMatch6.0\(6\)

ciscounified_presence_serverMatch7.0

ciscounified_presence_serverMatch7.0\(2\)

ciscounified_presence_serverMatch7.0\(3\)

ciscounified_presence_serverMatch7.0\(4\)

ciscounified_presence_serverMatch7.0\(5\)

ciscounified_presence_serverMatch7.0\(6\)

ciscounified_presence_serverMatch7.0\(7\)

Node

ciscounified_presence_serverMatch6.0\(2.1101\)

ciscounified_presence_serverMatch6.0\(3.1101-2\)

ciscounified_presence_serverMatch6.0\(4.1101-5\)

ciscounified_presence_serverMatch6.0\(5.1101-1\)

ciscounified_presence_serverMatch6.0\(5.1103-2\)

ciscounified_presence_serverMatch6.0.5.1102-1

ciscounified_presence_serverMatch7.0.3.10102-3

ciscounified_presence_serverMatch7.0.3.10103-2

ciscounified_presence_serverMatch7.0.4.10101-2

CPENameOperatorVersion
cisco:unified_presence_servercisco unified presence servereq6.0
cisco:unified_presence_servercisco unified presence servereq6.0\(2\)
cisco:unified_presence_servercisco unified presence servereq6.0\(3\)
cisco:unified_presence_servercisco unified presence servereq6.0\(4\)
cisco:unified_presence_servercisco unified presence servereq6.0\(5\)
cisco:unified_presence_servercisco unified presence servereq6.0\(6\)
cisco:unified_presence_servercisco unified presence servereq7.0
cisco:unified_presence_servercisco unified presence servereq7.0\(2\)
cisco:unified_presence_servercisco unified presence servereq7.0\(3\)
cisco:unified_presence_servercisco unified presence servereq7.0\(4\)

CPE	Name	Operator	Version
cisco:unified_presence_server	cisco unified presence server	eq	6.0
cisco:unified_presence_server	cisco unified presence server	eq	6.0\(2\)
cisco:unified_presence_server	cisco unified presence server	eq	6.0\(3\)
cisco:unified_presence_server	cisco unified presence server	eq	6.0\(4\)
cisco:unified_presence_server	cisco unified presence server	eq	6.0\(5\)
cisco:unified_presence_server	cisco unified presence server	eq	6.0\(6\)
cisco:unified_presence_server	cisco unified presence server	eq	7.0
cisco:unified_presence_server	cisco unified presence server	eq	7.0\(2\)
cisco:unified_presence_server	cisco unified presence server	eq	7.0\(3\)
cisco:unified_presence_server	cisco unified presence server	eq	7.0\(4\)