CVE - CVE-2009-2051

CVE-ID
CVE-2009-2051	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CISCO:20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities URL:http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml CISCO:20100922 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities URL:http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml BID:36152 URL:http://www.securityfocus.com/bid/36152 OSVDB:57453 URL:http://osvdb.org/57453 SECTRACK:1022775 URL:http://www.securitytracker.com/id?1022775 SECUNIA:36498 URL:http://secunia.com/advisories/36498 SECUNIA:36499 URL:http://secunia.com/advisories/36499
Date Entry Created
20090612	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090612)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures List and the associated references from this Web site are subject to the Terms of Use. For more information, please email cve@mitre.org.

CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2017, The MITRE Corporation. CVE and the CVE logo are registered trademarks and CVE-Compatible is a trademark of The MITRE Corporation.

Site Map
Privacy policy
Terms of use
Contact us