VAR-200507-0193
Vulnerability from variot - Updated: 2023-12-18 13:26Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory consumption) via a large number of Admin Service Tool (AST) logins that fail. This issue is documented in Cisco bug CSCef47060, which is available to Cisco customers. Attackers may exploit this vulnerability by repeatedly attempting, and failing, to log into the affected service. It is reported that as much as 750 megabytes of memory may be consumed, resulting in a sever reduction in performance, possibly denying service to legitimate users. This issue was originally documented in BID 14227. Cisco CallManager (CCM) is a set of call processing components based on the Cisco Unified Communications solution of Cisco. Inetinfo.exe in multiple versions of CCM (3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 and 4.1 before 4.1(3)SR1) has memory leaks, which may result in a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200507-0193",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "call manager",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(3)"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(2)"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "call manager sr1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "call manager es07",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "call manager es33",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "call manager sr2b",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "call manager es40",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "call manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(5)"
},
{
"model": "call manager es25",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "call manager es61",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
}
],
"sources": [
{
"db": "BID",
"id": "14253"
},
{
"db": "NVD",
"id": "CVE-2005-2243"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-136"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2243"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor disclosed this vulnerability.",
"sources": [
{
"db": "BID",
"id": "14253"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-136"
}
],
"trust": 0.9
},
"cve": "CVE-2005-2243",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-13452",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-2243",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200507-136",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-13452",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13452"
},
{
"db": "NVD",
"id": "CVE-2005-2243"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-136"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory consumption) via a large number of Admin Service Tool (AST) logins that fail. \nThis issue is documented in Cisco bug CSCef47060, which is available to Cisco customers. \nAttackers may exploit this vulnerability by repeatedly attempting, and failing, to log into the affected service. It is reported that as much as 750 megabytes of memory may be consumed, resulting in a sever reduction in performance, possibly denying service to legitimate users. \nThis issue was originally documented in BID 14227. Cisco CallManager (CCM) is a set of call processing components based on the Cisco Unified Communications solution of Cisco. Inetinfo.exe in multiple versions of CCM (3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 and 4.1 before 4.1(3)SR1) has memory leaks, which may result in a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2243"
},
{
"db": "BID",
"id": "14253"
},
{
"db": "VULHUB",
"id": "VHN-13452"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "14253",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2005-2243",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200507-136",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20050712 CISCO CALLMANAGER MEMORY HANDLING VULNERABILITIES",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-13452",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13452"
},
{
"db": "BID",
"id": "14253"
},
{
"db": "NVD",
"id": "CVE-2005-2243"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-136"
}
]
},
"id": "VAR-200507-0193",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-13452"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:26:01.181000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2243"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/14253"
},
{
"trust": 1.7,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/products_security_advisory09186a00804c0c26.shtml"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13452"
},
{
"db": "BID",
"id": "14253"
},
{
"db": "NVD",
"id": "CVE-2005-2243"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-136"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-13452"
},
{
"db": "BID",
"id": "14253"
},
{
"db": "NVD",
"id": "CVE-2005-2243"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-136"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-07-12T00:00:00",
"db": "VULHUB",
"id": "VHN-13452"
},
{
"date": "2005-07-12T00:00:00",
"db": "BID",
"id": "14253"
},
{
"date": "2005-07-12T04:00:00",
"db": "NVD",
"id": "CVE-2005-2243"
},
{
"date": "2005-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200507-136"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-13452"
},
{
"date": "2005-07-12T00:00:00",
"db": "BID",
"id": "14253"
},
{
"date": "2008-09-05T20:51:15.583000",
"db": "NVD",
"id": "CVE-2005-2243"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200507-136"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200507-136"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco CallManager inetinfo.exe Denial of service vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200507-136"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "14253"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-136"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…