var-200507-0192
Vulnerability from variot
Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to cause a denial of service (memory consumption and restart) via crafted packets to (1) the CTI Manager (ctimgr.exe) or (2) the CallManager (ccm.exe). The CallManager CTI Manager service is susceptible to a remote denial of service vulnerability. This issue is documented in Cisco bug CSCee00116, which is available to Cisco customers. This issue may be exploited to cause the affected application to restart, denying service to legitimate users. This issue was originally documented in BID 14227. Cisco CallManager (CCM) is a set of call processing components based on the Cisco Unified Communications solution of Cisco. There are denial of service vulnerabilities in multiple versions of CCM (3.2 and earlier, 3.3 earlier than 3.3(5), 4.0 earlier than 4.0(2a)SR2b, and 4.1 4.1 earlier than 4.1(3)SR1)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200507-0192",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "call manager",
"scope": "eq",
"trust": 1.2,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.2,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.2,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.2,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.3(3)"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.1(2)"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "call manager sr1",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "call manager es07",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "call manager es33",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "call manager sr2b",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "call manager es40",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "call manager",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "3.3(5)"
},
{
"model": "call manager es25",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "call manager es61",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.1"
}
],
"sources": [
{
"db": "BID",
"id": "14251"
},
{
"db": "BID",
"id": "14252"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-129"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2242"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jeff Fay from PatchAdvisor reported this vulnerability to the vendor.",
"sources": [
{
"db": "BID",
"id": "14251"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-129"
}
],
"trust": 0.9
},
"cve": "CVE-2005-2242",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-13451",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-2242",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200507-129",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-13451",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13451"
},
{
"db": "NVD",
"id": "CVE-2005-2242"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-129"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to cause a denial of service (memory consumption and restart) via crafted packets to (1) the CTI Manager (ctimgr.exe) or (2) the CallManager (ccm.exe). The CallManager CTI Manager service is susceptible to a remote denial of service vulnerability. \nThis issue is documented in Cisco bug CSCee00116, which is available to Cisco customers. \nThis issue may be exploited to cause the affected application to restart, denying service to legitimate users. \nThis issue was originally documented in BID 14227. Cisco CallManager (CCM) is a set of call processing components based on the Cisco Unified Communications solution of Cisco. There are denial of service vulnerabilities in multiple versions of CCM (3.2 and earlier, 3.3 earlier than 3.3(5), 4.0 earlier than 4.0(2a)SR2b, and 4.1 4.1 earlier than 4.1(3)SR1)",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2242"
},
{
"db": "BID",
"id": "14251"
},
{
"db": "BID",
"id": "14252"
},
{
"db": "VULHUB",
"id": "VHN-13451"
}
],
"trust": 1.53
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-13451",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13451"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "14251",
"trust": 2.0
},
{
"db": "BID",
"id": "14252",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2005-2242",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200507-129",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20050712 CISCO CALLMANAGER MEMORY HANDLING VULNERABILITIES",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "25967",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-13451",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13451"
},
{
"db": "BID",
"id": "14251"
},
{
"db": "BID",
"id": "14252"
},
{
"db": "NVD",
"id": "CVE-2005-2242"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-129"
}
]
},
"id": "VAR-200507-0192",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-13451"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:26:01.231000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2242"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/14251"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/14252"
},
{
"trust": 1.7,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml"
},
{
"trust": 0.6,
"url": "http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html"
},
{
"trust": 0.6,
"url": "http://www.cisco.com/en/us/products/products_security_advisory09186a00804c0c26.shtml"
},
{
"trust": 0.3,
"url": "http://www.patchadvisor.com/patchadvisor/common/uploads/ciscocallmanager.pdf"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13451"
},
{
"db": "BID",
"id": "14251"
},
{
"db": "BID",
"id": "14252"
},
{
"db": "NVD",
"id": "CVE-2005-2242"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-129"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-13451"
},
{
"db": "BID",
"id": "14251"
},
{
"db": "BID",
"id": "14252"
},
{
"db": "NVD",
"id": "CVE-2005-2242"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-129"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-07-12T00:00:00",
"db": "VULHUB",
"id": "VHN-13451"
},
{
"date": "2005-07-12T00:00:00",
"db": "BID",
"id": "14251"
},
{
"date": "2005-07-12T00:00:00",
"db": "BID",
"id": "14252"
},
{
"date": "2005-07-12T04:00:00",
"db": "NVD",
"id": "CVE-2005-2242"
},
{
"date": "2005-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200507-129"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-13451"
},
{
"date": "2005-07-12T00:00:00",
"db": "BID",
"id": "14251"
},
{
"date": "2005-07-12T00:00:00",
"db": "BID",
"id": "14252"
},
{
"date": "2008-09-05T20:51:15.427000",
"db": "NVD",
"id": "CVE-2005-2242"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200507-129"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "14251"
},
{
"db": "BID",
"id": "14252"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco CallManager Denial of service vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200507-129"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "14251"
},
{
"db": "BID",
"id": "14252"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-129"
}
],
"trust": 1.2
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.