ID CVE-2005-0186
Summary Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed packet to the SCCP port.
References
Vulnerable Configurations
  • Cisco IOS 12.1YD
    cpe:2.3:o:cisco:ios:12.1yd
  • Cisco IOS 12.2T
    cpe:2.3:o:cisco:ios:12.2t
  • Cisco IOS 12.3
    cpe:2.3:o:cisco:ios:12.3
  • Cisco IOS 12.3T
    cpe:2.3:o:cisco:ios:12.3t
CVSS
Base: 5.0 (as of 03-06-2005 - 14:42)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family CISCO
    NASL id CISCO-SA-20050119-ITSCMEHTTP.NASL
    description Cisco Internetwork Operating System (IOS) Software release trains 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the Cisco IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST) may contain a vulnerability in processing certain malformed control protocol messages.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 48979
    published 2010-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48979
    title Vulnerability in Cisco IOS Embedded Call Processing Solutions - Cisco Systems
  • NASL family CISCO
    NASL id CSCEE08584.NASL
    description The remote router contains a version of IOS which has flaw in its telephony service. If the remote router is configured for ITS, CME or SRST, then an attacker may send malformed TCP queries to the remote host resulting in a reboot of the router. CISCO identifies this vulnerability as bug id CSCee08584
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 16217
    published 2005-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16217
    title Cisco IOS SCCP Control Protocol Malformed Message DoS (CSCee08584)
oval via4
accepted 2010-05-31T04:00:06.154-04:00
class vulnerability
contributors
  • name Yuzheng Zhou
    organization Hewlett-Packard
  • name Ronald Jones
    organization DTCC
  • name Ronald Jones
    organization DTCC
description Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed packet to the SCCP port.
family ios
id oval:org.mitre.oval:def:4849
status accepted
submitted 2008-05-26T11:06:36.000-04:00
title Cisco Systems IOS Skinny Call Control Protocol Handler Denial of Service Vulnerability
version 5
refmap via4
cisco 20050119 Vulnerability in Cisco IOS Embedded Call Processing Solutions
sectrack 1012945
secunia 13913
xf cisco-ios-sccp-dos(18956)
Last major update 04-03-2009 - 00:29
Published 19-01-2005 - 00:00
Last modified 10-10-2017 - 21:29
Back to Top