CVE-2007-5537 - OpenCVE

Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Unified Callmanager Unified Communications Manager

Configuration 1 [-]

OR	cpe:2.3:a:cisco:unified_callmanager:5.0:::::::*
	cpe:2.3:a:cisco:unified_communications_manager::::::::

References

Link	Resource
http://osvdb.org/37941
http://secunia.com/advisories/27296
http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml
http://www.securityfocus.com/bid/26105
http://www.securitytracker.com/id?1018828
http://www.vupen.com/english/advisories/2007/3532
https://exchange.xforce.ibmcloud.com/vulnerabilities/37246

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-18T00:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2007-10-17T00:00:00

Link: CVE-2007-5537

JSON object: View

NVD Information

Status : Modified

Published: 2007-10-18T00:17:00.000

Modified: 2017-07-29T01:33:43.413

Link: CVE-2007-5537

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-17T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "26105", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26105"}, {"name": "cucm-sip-invite-dos(37246)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246"}, {"name": "ADV-2007-3532", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3532"}, {"name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"}, {"name": "37941", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37941"}, {"name": "1018828", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018828"}, {"name": "27296", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27296"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5537", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "26105", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26105"}, {"name": "cucm-sip-invite-dos(37246)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246"}, {"name": "ADV-2007-3532", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3532"}, {"name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"}, {"name": "37941", "refsource": "OSVDB", "url": "http://osvdb.org/37941"}, {"name": "1018828", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018828"}, {"name": "27296", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27296"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5537", "datePublished": "2007-10-18T00:00:00", "dateReserved": "2007-10-17T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "37FEF567-5F92-40BB-8581-3FCF584AAA1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C144784A-941D-4919-9E21-1E2AD2738A08", "versionEndIncluding": "5.1\\(2\\)", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822."}, {"lang": "es", "value": "Cisco Unified communications Manager (CUCM, anteriormente CallManager) 5.1 anterior a 5.1(2), y Unified CallManager 5.0, permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (kernel panic) mediante una inundaci\u00f3n de mensajes SIP INVITE al puerto UDP 5060, lo cual dispara un agotamiento de recursos, tambi\u00e9n conocida como, CSCsi75822."}], "id": "CVE-2007-5537", "lastModified": "2017-07-29T01:33:43.413", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-18T00:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/37941"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27296"}, {"source": "cve@mitre.org", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26105"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018828"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3532"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}