Cisco Unified Communications Manager Express Denial of Service Vulnerabilities (cisco-sa-20100324-cucme)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.

Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Devices running Cisco IOS Software and configured for Cisco Unified
Communications Manager Express (CME) or Cisco Unified Survivable
Remote Site Telephony (SRST) operation are affected by two denial of
service vulnerabilities that may result in a device reload if
successfully exploited. The vulnerabilities are triggered when the
Cisco IOS device processes specific, malformed Skinny Call Control
Protocol (SCCP) messages. Cisco has released free software updates
that address these vulnerabilities.

See also :

Solution :

Apply the relevant patch referenced in Cisco Security Advisory

Risk factor :

High / CVSS Base Score : 7.8

Family: CISCO

Nessus Plugin ID: 49049 (cisco-sa-20100324-cucmehttp.nasl)

Bugtraq ID:

CVE ID: CVE-2010-0585

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now