Vulnerability Name: CVE-2009-2052 (CCN-52815)

Assigned: 2009-08-26
Published: 2009-08-26
Updated: 2021-10-06
Summary: Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote attackers to cause a denial of service (TCP services outage) via a large number of TCP connections, related to "tracking of network connections," aka Bug IDs CSCsq22534 and CSCsw52371.
CVSS v3 Severity: 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2009-2052

Source: CCN
Type: SA36495
Cisco Unified Communications Manager SIP Header Denial of Service

Source: CCN
Type: SA36498
Cisco Unified Communications Manager Denial of Service Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
36498

Source: CCN
Type: SA36499
Cisco Unified Communications Manager Denial of Service Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
36499

Source: CCN
Type: SA37039
Cisco Unified Presence Denial of Service Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
37039

Source: CCN
Type: SECTRACK ID: 1022775
Cisco Unified Communications Manager SIP and SCCP Processing Bugs Let Remote Users Deny Service

Source: CCN
Type: SECTRACK ID: 1023018
Cisco Unified Presence Can Be Affected By TCP Flooding Attacks

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1023018

Source: CCN
Type: Cisco Applied Mitigation Bulletin: Document ID: 110849
Identifying and Mitigating Exploitation of the Cisco Unified Communications Manager Denial of Service Vulnerabilities

Source: CISCO
Type: Patch, Vendor Advisory
20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities

Source: CCN
Type: cisco-sa-20091014-cup
Cisco Unified Presence Denial of Service Vulnerabilities

Source: CISCO
Type: Vendor Advisory
20091014 Cisco Unified Presence Denial of Service Vulnerabilities

Source: CCN
Type: cisco-sa-20090826-cucm
Cisco Unified Communications Manager Denial of Service Vulnerabilities

Source: CCN
Type: OSVDB ID: 57454
Cisco Unified Communications Manager Embedded Firewall Network Connection Saturation Remote DoS

Source: BID
Type: Third Party Advisory, VDB Entry
36152

Source: CCN
Type: BID-36152
Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities

Source: BID
Type: Third Party Advisory, VDB Entry
36676

Source: CCN
Type: BID-36676
Cisco Unified Presence Track Network Connection Denial of Service Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1022775

Source: VUPEN
Type: Third Party Advisory
ADV-2009-2915

Source: XF
Type: UNKNOWN
cucm-tcp-dos(52815)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:cisco:unified_communications_manager:*:*:*:*:*:*:*:* (Version >= 5.0 and < 5.1(3g))
  • OR cpe:/a:cisco:unified_communications_manager:*:*:*:*:*:*:*:* (Version >= 6.1(1) and < 6.1(4))
  • OR cpe:/a:cisco:unified_communications_manager:*:*:*:*:*:*:*:* (Version >= 7.0 and < 7.0(2))
  • OR cpe:/a:cisco:unified_communications_manager:*:*:*:*:*:*:*:* (Version >= 7.1 and < 7.1(2))

Configuration CCN 1:
  • cpe:/a:cisco:unified_communications_manager:5.1(2b):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.0(1a):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:3.3(5):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.1(3):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.3(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(2):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_presence_server:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_presence_server:1.0(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_presence_server:1.0(2):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_presence_server:1.0(3):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_presence_server:6.0(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_presence_server:6.0(2):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1(1a):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:3.3(5)sr1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:3.3(5)sr2a:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.1(3)sr1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.1(3)sr2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.1(3)sr3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.1(3)sr4:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.0(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_presence_server:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1(2)su1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1(2):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(2a):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(3d):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(3):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(3a):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(3c):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1(3):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.3(1)sr.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.3(2):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.3(2)sr1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:(2):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:(2b):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:::business:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2(3)sr3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2(3)sr2b:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2(3)sr1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2(3)sr4:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2_2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2_3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2.3_sr3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2_1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2_3_sr3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2_3_sr2b:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2_3sr1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.0_1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.0_2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.3_1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.0_4:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.0_3a:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.0_3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2_3_sr2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.3_1_sr1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1:(2a):*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.0_4a:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.0_4a_su1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.0_1a:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.0_1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1_3a:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1_2b:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1_2a:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1_2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1_1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:7.0(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1_1a:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_presence_server:6.0(3):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_presence_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_presence_server:6.0(4):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_presence_server:6.0(5):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_presence_server:7.0(2):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_presence_server:7.0(3):*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    cisco unified communications manager *
    cisco unified communications manager *
    cisco unified communications manager *
    cisco unified communications manager *
    cisco unified communications manager 5.1(2b)
    cisco unified communications manager 6.0(1a)
    cisco unified communications manager 5.0
    cisco unified communications manager 3.3(5)
    cisco unified communications manager 4.1(3)
    cisco unified communications manager 4.2
    cisco unified communications manager 4.2.1
    cisco unified communications manager 4.2.2
    cisco unified communications manager 4.2.3
    cisco unified communications manager 4.2.3sr1
    cisco unified communications manager 4.2.3sr2
    cisco unified communications manager 4.2.3sr2b
    cisco unified communications manager 4.3
    cisco unified communications manager 4.3(1)
    cisco unified communications manager 5.1
    cisco unified communications manager 5.1(1)
    cisco unified communications manager 5.1(2)
    cisco unified communications manager 6.0
    cisco unified presence server 1.0
    cisco unified presence server 1.0(1)
    cisco unified presence server 1.0(2)
    cisco unified presence server 1.0(3)
    cisco unified presence server 6.0(1)
    cisco unified presence server 6.0(2)
    cisco unified communications manager 6.1(1a)
    cisco unified communications manager 4.1
    cisco unified communications manager 6.1
    cisco unified communications manager 6.1(1)
    cisco unified communications manager 3.3(5)sr1
    cisco unified communications manager 3.3(5)sr2a
    cisco unified communications manager 4.1(3)sr1
    cisco unified communications manager 4.1(3)sr2
    cisco unified communications manager 4.1(3)sr3
    cisco unified communications manager 4.1(3)sr4
    cisco unified communications manager 6.0(1)
    cisco unified presence server 6.0
    cisco unified communications manager 6.1(2)su1
    cisco unified communications manager 6.1(2)
    cisco unified communications manager 5.1(2a)
    cisco unified communications manager 5.1(3d)
    cisco unified communications manager 5.1(3)
    cisco unified communications manager 5.1(3a)
    cisco unified communications manager 5.1(3c)
    cisco unified communications manager 7.0
    cisco unified communications manager 6.1(3)
    cisco unified communications manager 4.3(1)sr.1
    cisco unified communications manager 4.3(2)
    cisco unified communications manager 4.3(2)sr1
    cisco unified communications manager 4.1.1
    cisco unified communications manager 4.1.2
    cisco unified communications manager 4.1.3
    cisco unified communications manager (2)
    cisco unified communications manager (1)
    cisco unified communications manager (2b)
    cisco unified communications manager
    cisco unified communications manager 4.2(3)sr3
    cisco unified communications manager 4.2(3)sr2b
    cisco unified communications manager 4.2(3)sr1
    cisco unified communications manager 4.2(3)sr4
    cisco unified communications manager 4.2_2
    cisco unified communications manager 4.2_3
    cisco unified communications manager 4.2.3_sr3
    cisco unified communications manager 4.2_1
    cisco unified communications manager 4.2_3_sr3
    cisco unified communications manager 4.2_3_sr2b
    cisco unified communications manager 4.2_3sr1
    cisco unified communications manager 5.0_1
    cisco unified communications manager 5.0_2
    cisco unified communications manager 4.3_1
    cisco unified communications manager 4.3.1
    cisco unified communications manager 4.3.2
    cisco unified communications manager 5.0_4
    cisco unified communications manager 5.0_3a
    cisco unified communications manager 5.0_3
    cisco unified communications manager 4.2_3_sr2
    cisco unified communications manager 4.3_1_sr1
    cisco unified communications manager 5.1 (2a)
    cisco unified communications manager 5.1.2
    cisco unified communications manager 5.0_4a
    cisco unified communications manager 5.0_4a_su1
    cisco unified communications manager 6.0_1a
    cisco unified communications manager 6.0_1
    cisco unified communications manager 5.1_3a
    cisco unified communications manager 5.1_2b
    cisco unified communications manager 5.1_2a
    cisco unified communications manager 5.1_2
    cisco unified communications manager 5.1_1
    cisco unified communications manager 6.1.0
    cisco unified communications manager 7.0(1)
    cisco unified communications manager 6.1_1a
    cisco unified presence server 6.0(3)
    cisco unified presence server 7.0
    cisco unified presence server 6.0(4)
    cisco unified presence server 6.0(5)
    cisco unified presence server 7.0(2)
    cisco unified presence server 7.0(3)