Sign-up

ID

VAR-201101-0323


CVE

CVE-2010-4686


TITLE

Cisco IOS Run on CallManager Express Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2011-001129

DESCRIPTION

CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950. The problem is Bug ID CSCtb47950 It is a problem.Long term SIP TRUNK Service disruption through the transmission of (DoS) There is a possibility of being put into a state. Cisco IOS is prone to multiple denial-of-service vulnerabilities and a security-bypass vulnerability. Exploiting these issues can allow attackers to bypass certain security restrictions or to cause denial-of-service conditions. Versions prior to Cisco IOS 15.0(1)XA1 are vulnerable. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. A remote attacker can cause a denial of service (memory consumption) by sending this communication after an excessively long delay. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco IOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42917 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 RELEASE DATE: 2011-01-18 DISCUSS ADVISORY: http://secunia.com/advisories/42917/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42917/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error when processing certain IRC traffic can be exploited to cause a device reload by accessing an IRC channel within 36 hours of a reload. 2) An error in the CME (Communication Manager Express) component when handling a SNR number change menu from an extension mobility phone can be exploited to crash the device. 3) A memory leak when processing UDP SIP REGISTER packets can be exploited to exhaust memory resources via a specially crafted SIP packet. 4) An error in the PKI implementation does not clear the public key cache for the peers when the certificate map is changed. This can be exploited to reconnect and bypass the certificate ban. 5) A memory fragmentation error in the CME (Communication Manager Express) component when handling SIP TRUNK traffic can be exploited to exhaust memory resources via specially crafted SIP packets. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2010-4686 // JVNDB: JVNDB-2011-001129 // BID: 45769 // VULHUB: VHN-47291 // PACKETSTORM: 97604

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:ltversion:15.0\(1\)xa1

Trust: 1.0

vendor:ciscomodel:iosscope:ltversion:15.0 (1)xa1

Trust: 0.8

vendor:ciscomodel:iosscope:eqversion:10.3\(16\)

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:11.2\(8.2\)sa6

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.2\(18\)s10

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:11.1ca

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:11.1aa

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:11.1\(36\)cc4

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:10.0

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:11.1\(36\)cc2

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:11

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:10.3

Trust: 0.6

vendor:ciscomodel:ios 15.0 xascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios mscope:eqversion:15.0

Trust: 0.3

vendor:ciscomodel:ios 15.0 xa1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:15.0

Trust: 0.3

vendor:ciscomodel:ios 15.0 m1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.0 m2scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.0 m3scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios m3scope:eqversion:15.0

Trust: 0.3

sources: BID: 45769 // JVNDB: JVNDB-2011-001129 // CNNVD: CNNVD-201101-064 // NVD: CVE-2010-4686

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-4686
value: HIGH

Trust: 1.0

NVD: CVE-2010-4686
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201101-064
value: HIGH

Trust: 0.6

VULHUB: VHN-47291
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-4686
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-47291
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-47291 // JVNDB: JVNDB-2011-001129 // CNNVD: CNNVD-201101-064 // NVD: CVE-2010-4686

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-47291 // JVNDB: JVNDB-2011-001129 // NVD: CVE-2010-4686

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201101-064

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201101-064

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-001129

PATCH
title:22291url:http://tools.cisco.com/security/center/viewAlert.x?alertId=22291
Trust: 0.8
title:Release Notes for Cisco 800 Series Routers with Cisco IOS Release 15.0(1)XAurl:http://www.ciscosystems.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf
Trust: 0.8
title:Cisco IOS CallManager Express Remediation measures for denial of service vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118592
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2011-001129 // 
            
            
            
            CNNVD: CNNVD-201101-064

EXTERNAL IDS
db:BIDid:45769
Trust: 2.8
db:NVDid:CVE-2010-4686
Trust: 2.8
db:SECUNIAid:42917
Trust: 0.9
db:VUPENid:ADV-2011-0129
Trust: 0.8
db:XFid:64585
Trust: 0.8
db:JVNDBid:JVNDB-2011-001129
Trust: 0.8
db:CNNVDid:CNNVD-201101-064
Trust: 0.7
db:VULHUBid:VHN-47291
Trust: 0.1
db:PACKETSTORMid:97604
Trust: 0.1
sources:
            
            
            VULHUB: VHN-47291 // 
            
            
            
            BID: 45769 // 
            
            
            
            JVNDB: JVNDB-2011-001129 // 
            
            
            
            PACKETSTORM: 97604 // 
            
            
            
            CNNVD: CNNVD-201101-064 // 
            
            
            
            NVD: CVE-2010-4686

REFERENCES
url:http://www.securityfocus.com/bid/45769
Trust: 2.5
url:http://www.cisco.com/en/us/docs/ios/15_0/15_0x/15_01_xa/rn800xa.pdf
Trust: 2.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/64585
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4686
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/64585
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4686
Trust: 0.8
url:http://secunia.com/advisories/42917
Trust: 0.8
url:http://www.vupen.com/english/advisories/2011/0129
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://secunia.com/products/corporate/evm/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=42917
Trust: 0.1
url:http://secunia.com/products/corporate/vim/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/42917/#comments
Trust: 0.1
url:http://secunia.com/advisories/42917/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-47291 // 
            
            
            
            BID: 45769 // 
            
            
            
            JVNDB: JVNDB-2011-001129 // 
            
            
            
            PACKETSTORM: 97604 // 
            
            
            
            CNNVD: CNNVD-201101-064 // 
            
            
            
            NVD: CVE-2010-4686

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 45769

SOURCES
db:VULHUBid:VHN-47291
db:BIDid:45769
db:JVNDBid:JVNDB-2011-001129
db:PACKETSTORMid:97604
db:CNNVDid:CNNVD-201101-064
db:NVDid:CVE-2010-4686

LAST UPDATE DATE
2025-04-11T22:50:17.485000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-47291date:2020-05-13T00:00:00
db:BIDid:45769date:2011-01-11T00:00:00
db:JVNDBid:JVNDB-2011-001129date:2011-02-25T00:00:00
db:CNNVDid:CNNVD-201101-064date:2020-05-14T00:00:00
db:NVDid:CVE-2010-4686date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-47291date:2011-01-07T00:00:00
db:BIDid:45769date:2011-01-11T00:00:00
db:JVNDBid:JVNDB-2011-001129date:2011-02-25T00:00:00
db:PACKETSTORMid:97604date:2011-01-18T10:42:38
db:CNNVDid:CNNVD-201101-064date:2011-01-10T00:00:00
db:NVDid:CVE-2010-4686date:2011-01-07T19:00:20.640