CVE-2011-2072

high

Description

Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of service (memory consumption and device reload or process failure) via a malformed SIP message, aka Bug IDs CSCtl86047 and CSCto88686.

References

http://www.securitytracker.com/id?1026110

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d5a.shtml

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d58.shtml

http://tools.cisco.com/security/center/viewAlert.x?alertId=24129

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm

Details

Source: Mitre, NVD

Published: 2011-10-03

Updated: 2011-11-03

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High