Vulnerabilities in H.323 Message Processing - Cisco Systems

This script is (C) 2010-2016 Tenable Network Security, Inc.

Synopsis :

The remote device is missing a vendor-supplied security patch

Description :

Multiple Cisco products contain vulnerabilities in the processing of
H.323 messages, which are typically used in Voice over Internet
Protocol (VoIP) or multimedia applications. A test suite has been
developed by the University of Oulu to target this protocol and
identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software
Release 11.3T. Release 11.3T, and all later Cisco IOS releases may be
affected if the software includes support for voice/multimedia
applications. Vulnerable devices include those that contain software
support for H.323 as network elements as well as those configured for
IOS Network Address Translation (NAT) and those configured for IOS
Firewall (also known as Context-Based Access Control [CBAC]).
Other Cisco voice products that do not run Cisco IOS may also be
These vulnerabilities can be exploited repeatedly to produce a denial
of service (DoS).

See also :

Solution :

Apply the relevant patch referenced in Cisco Security Advisory

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.5
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 48972 (cisco-sa-20040113-h323http.nasl)

Bugtraq ID: 9406

CVE ID: CVE-2004-0054

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now