Vulnerability Name:

CVE-2009-0057 (CCN-48139)

Assigned: 2009-01-21
Published: 2009-01-21
Updated: 2017-08-08
Summary: The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the "client terminates prematurely."
CVSS v3 Severity: 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-20
Vulnerability Consequences: Denial of Service
References: Source: MITRE
Type: CNA
CVE-2009-0057

Source: CCN
Type: SA33588
Cisco Unified Communications Manager CAPF Denial of Service

Source: SECUNIA
Type: Vendor Advisory
33588

Source: CCN
Type: SECTRACK ID: 1021620
Cisco Unified Communications Manager Input Validation Flaw in Certificate Authority Proxy Function Lets Remote Users Deny Service

Source: CISCO
Type: Vendor Advisory
20090121 Cisco Unified Communications Manager CAPF Denial of Service Vulnerability

Source: CCN
Type: cisco-sa-20090121-cucmcapf
Cisco Security Advisory: Cisco Unified Communications Manager CAPF Denial of Service Vulnerability

Source: CCN
Type: OSVDB ID: 52317
Cisco Unified Communications Manager Certificate Authority Proxy Function (CAPF) Service Malformed TCP Input Remote DoS

Source: BID
Type: UNKNOWN
33379

Source: CCN
Type: BID-33379
Cisco Unified Communications Manager CAPF Service Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1021620

Source: VUPEN
Type: UNKNOWN
ADV-2009-0213

Source: XF
Type: UNKNOWN
cucm-capf-tcp-dos(48139)

Source: XF
Type: UNKNOWN
cucm-capf-dos-var1(48139)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.0_1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.0_2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.0_3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.0_3a:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.0_4:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.0_4a:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.0_4a_su1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1:(1):*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1:(2):*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1:(2a):*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1:(2b):*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1:(3a):*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1:5.1(1):*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1:5.1_(2a):*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(2):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(3c):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1_(2a):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1_1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1_2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1_2a:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1_2b:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1_3a:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.0:(1):*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.0:(1a):*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.0_1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.0_1a:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1:(1a):*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1(2):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1_1a:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:cisco:unified_communications_manager:5.1(2b):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.0(1a):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(2):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1(1a):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.0(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1(2)su1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1(2):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(2a):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(3d):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(3):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(3a):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(3c):*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    cisco unified communications manager 5.0
    cisco unified communications manager 5.0_1
    cisco unified communications manager 5.0_2
    cisco unified communications manager 5.0_3
    cisco unified communications manager 5.0_3a
    cisco unified communications manager 5.0_4
    cisco unified communications manager 5.0_4a
    cisco unified communications manager 5.0_4a_su1
    cisco unified communications manager 5.1
    cisco unified communications manager 5.1 (1)
    cisco unified communications manager 5.1 (2)
    cisco unified communications manager 5.1 (2a)
    cisco unified communications manager 5.1 (2b)
    cisco unified communications manager 5.1 (3a)
    cisco unified communications manager 5.1 5.1(1)
    cisco unified communications manager 5.1 5.1_(2a)
    cisco unified communications manager 5.1(1)
    cisco unified communications manager 5.1(2)
    cisco unified communications manager 5.1(3c)
    cisco unified communications manager 5.1.2
    cisco unified communications manager 5.1_(2a)
    cisco unified communications manager 5.1_1
    cisco unified communications manager 5.1_2
    cisco unified communications manager 5.1_2a
    cisco unified communications manager 5.1_2b
    cisco unified communications manager 5.1_3a
    cisco unified communications manager 6.0
    cisco unified communications manager 6.0 (1)
    cisco unified communications manager 6.0 (1a)
    cisco unified communications manager 6.0_1
    cisco unified communications manager 6.0_1a
    cisco unified communications manager 6.1
    cisco unified communications manager 6.1 (1a)
    cisco unified communications manager 6.1(2)
    cisco unified communications manager 6.1.0
    cisco unified communications manager 6.1_1a
    cisco unified communications manager 5.1(2b)
    cisco unified communications manager 6.0(1a)
    cisco unified communications manager 5.1(1)
    cisco unified communications manager 5.1(2)
    cisco unified communications manager 6.0
    cisco unified communications manager 6.1(1a)
    cisco unified communications manager 6.1
    cisco unified communications manager 6.1(1)
    cisco unified communications manager 6.0(1)
    cisco unified communications manager 6.1(2)su1
    cisco unified communications manager 6.1(2)
    cisco unified communications manager 5.1(2a)
    cisco unified communications manager 5.1(3d)
    cisco unified communications manager 5.1(3)
    cisco unified communications manager 5.1(3a)
    cisco unified communications manager 5.1(3c)