Cisco Unified Communications Manager Express Denial of Service Vulnerabilities (cisco-sa-20100324-cucme)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Devices running Cisco IOS Software and configured for Cisco Unified
Communications Manager Express (CME) or Cisco Unified Survivable
Remote Site Telephony (SRST) operation are affected by two denial of
service vulnerabilities that may result in a device reload if
successfully exploited. The vulnerabilities are triggered when the
Cisco IOS device processes specific, malformed Skinny Call Control
Protocol (SCCP) messages. Cisco has released free software updates
that address these vulnerabilities.

See also :

http://www.nessus.org/u?65f81254

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20100324-cucme.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: CISCO

Nessus Plugin ID: 49049 (cisco-sa-20100324-cucmehttp.nasl)

Bugtraq ID:

CVE ID: CVE-2010-0585, CVE-2010-0586