Sign-up

ID

VAR-201101-0324


CVE

CVE-2010-4687


TITLE

Cisco IOS Run on STCAPP Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2011-001130

DESCRIPTION

STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552. Cisco IOS is prone to multiple denial-of-service vulnerabilities and a security-bypass vulnerability. Exploiting these issues can allow attackers to bypass certain security restrictions or to cause denial-of-service conditions. Versions prior to Cisco IOS 15.0(1)XA1 are vulnerable. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment

Trust: 1.98

sources: NVD: CVE-2010-4687 // JVNDB: JVNDB-2011-001130 // BID: 45769 // VULHUB: VHN-47292

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:ltversion:15.0\(1\)xa1

Trust: 1.0

vendor:ciscomodel:iosscope:ltversion:15.0 (1)xa1

Trust: 0.8

vendor:ciscomodel:iosscope:eqversion:12.2\(4\)xw

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.2\(4\)xm

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.2\(8\)yy

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.2\(4\)ya

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.2\(4\)xm2

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.2\(4\)ya1

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.2\(8\)yw2

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.2\(4\)xw1

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.2\(8\)yw3

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.2\(8\)yd

Trust: 0.6

vendor:ciscomodel:ios 15.0 xascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios mscope:eqversion:15.0

Trust: 0.3

vendor:ciscomodel:ios 15.0 xa1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:15.0

Trust: 0.3

vendor:ciscomodel:ios 15.0 m1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.0 m2scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.0 m3scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios m3scope:eqversion:15.0

Trust: 0.3

sources: BID: 45769 // JVNDB: JVNDB-2011-001130 // CNNVD: CNNVD-201101-065 // NVD: CVE-2010-4687

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-4687
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-4687
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201101-065
value: MEDIUM

Trust: 0.6

VULHUB: VHN-47292
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-4687
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-47292
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-47292 // JVNDB: JVNDB-2011-001130 // CNNVD: CNNVD-201101-065 // NVD: CVE-2010-4687

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-47292 // JVNDB: JVNDB-2011-001130 // NVD: CVE-2010-4687

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201101-065

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201101-065

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-001130

PATCH
title:22291url:http://tools.cisco.com/security/center/viewAlert.x?alertId=22291
Trust: 0.8
title:Release Notes for Cisco 800 Series Routers with Cisco IOS Release 15.0(1)XAurl:http://www.ciscosystems.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf
Trust: 0.8
title:Cisco IOS XA5 STCAPP Remediation measures for denial of service vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118523
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2011-001130 // 
            
            
            
            CNNVD: CNNVD-201101-065

EXTERNAL IDS
db:NVDid:CVE-2010-4687
Trust: 2.8
db:BIDid:45769
Trust: 2.8
db:VUPENid:ADV-2011-0129
Trust: 0.8
db:XFid:64584
Trust: 0.8
db:JVNDBid:JVNDB-2011-001130
Trust: 0.8
db:CNNVDid:CNNVD-201101-065
Trust: 0.7
db:VULHUBid:VHN-47292
Trust: 0.1
sources:
            
            
            VULHUB: VHN-47292 // 
            
            
            
            BID: 45769 // 
            
            
            
            JVNDB: JVNDB-2011-001130 // 
            
            
            
            CNNVD: CNNVD-201101-065 // 
            
            
            
            NVD: CVE-2010-4687

REFERENCES
url:http://www.securityfocus.com/bid/45769
Trust: 2.5
url:http://www.cisco.com/en/us/docs/ios/15_0/15_0x/15_01_xa/rn800xa.pdf
Trust: 2.0
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/64584
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4687
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/64584
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4687
Trust: 0.8
url:http://www.vupen.com/english/advisories/2011/0129
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-47292 // 
            
            
            
            BID: 45769 // 
            
            
            
            JVNDB: JVNDB-2011-001130 // 
            
            
            
            CNNVD: CNNVD-201101-065 // 
            
            
            
            NVD: CVE-2010-4687

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 45769

SOURCES
db:VULHUBid:VHN-47292
db:BIDid:45769
db:JVNDBid:JVNDB-2011-001130
db:CNNVDid:CNNVD-201101-065
db:NVDid:CVE-2010-4687

LAST UPDATE DATE
2025-04-11T22:50:17.846000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-47292date:2020-05-12T00:00:00
db:BIDid:45769date:2011-01-11T00:00:00
db:JVNDBid:JVNDB-2011-001130date:2011-02-25T00:00:00
db:CNNVDid:CNNVD-201101-065date:2020-05-13T00:00:00
db:NVDid:CVE-2010-4687date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-47292date:2011-01-07T00:00:00
db:BIDid:45769date:2011-01-11T00:00:00
db:JVNDBid:JVNDB-2011-001130date:2011-02-25T00:00:00
db:CNNVDid:CNNVD-201101-065date:2011-01-10T00:00:00
db:NVDid:CVE-2010-4687date:2011-01-07T19:00:20.670