Sign-up

ID

VAR-200208-0215


CVE

CVE-2002-0505


TITLE

Cisco CallManager contains memory leak

Trust: 0.8

sources: CERT/CC: VU#495275

DESCRIPTION

Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via incorrect passwords. The Cisco Call Manager contains a vulnerability that could permit an intruder to crash the Call Manager. Cisco CallManager is the software based call processing component of the Cisco IP Telephony solution. A denial of service condition has been reported in some versions of the CallManager software. If a user does not properly authenticate when using Call Telephony Integration (CTI), a memory leak may occur. This may result in the vulnerable process crashing and reloading. <*Link: http://www.cisco.com/warp/public/707/callmanager-ctifw-leak-pub.shtml *>

Trust: 1.98

sources: NVD: CVE-2002-0505 // CERT/CC: VU#495275 // BID: 4370 // VULHUB: VHN-4898

AFFECTED PRODUCTS

vendor:ciscomodel:call managerscope:eqversion:3.1

Trust: 1.9

vendor:ciscomodel:call managerscope:eqversion:3.0

Trust: 1.9

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel:call managerscope:neversion:3.1

Trust: 0.3

sources: CERT/CC: VU#495275 // BID: 4370 // CNNVD: CNNVD-200208-103 // NVD: CVE-2002-0505

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-0505
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#495275
value: 5.63

Trust: 0.8

CNNVD: CNNVD-200208-103
value: MEDIUM

Trust: 0.6

VULHUB: VHN-4898
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2002-0505
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-4898
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#495275 // VULHUB: VHN-4898 // CNNVD: CNNVD-200208-103 // NVD: CVE-2002-0505

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0505

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200208-103

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200208-103

EXTERNAL IDS

db:BIDid:4370

Trust: 2.8

db:NVDid:CVE-2002-0505

Trust: 1.7

db:CERT/CCid:VU#495275

Trust: 0.8

db:CISCOid:20020327 LDAP CONNECTION LEAK IN CTI WHEN USER AUTHENTICATION FAILS

Trust: 0.6

db:XFid:8655

Trust: 0.6

db:CNNVDid:CNNVD-200208-103

Trust: 0.6

db:VULHUBid:VHN-4898

Trust: 0.1

sources: CERT/CC: VU#495275 // VULHUB: VHN-4898 // BID: 4370 // CNNVD: CNNVD-200208-103 // NVD: CVE-2002-0505

REFERENCES

url:http://www.cisco.com/warp/public/707/callmanager-ctifw-leak-pub.shtml

Trust: 3.5

url:http://www.securityfocus.com/bid/4370

Trust: 3.5

url:http://www.iss.net/security_center/static/8655.php

Trust: 2.7

url:http://www.cisco.com/warp/public/cc/pd/nemnsw/callmn/index.shtml

Trust: 1.1

url:http://www.cisco.com/warp/public/180/prod_plat/cust_cont/icm/cti.html

Trust: 0.8

sources: CERT/CC: VU#495275 // VULHUB: VHN-4898 // BID: 4370 // CNNVD: CNNVD-200208-103 // NVD: CVE-2002-0505

CREDITS

Published in a Cisco Security Advisory.

Trust: 0.3

sources: BID: 4370

SOURCES

db:CERT/CCid:VU#495275
db:VULHUBid:VHN-4898
db:BIDid:4370
db:CNNVDid:CNNVD-200208-103
db:NVDid:CVE-2002-0505

LAST UPDATE DATE

2024-11-22T23:14:56.971000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#495275date:2002-08-10T00:00:00
db:VULHUBid:VHN-4898date:2008-09-05T00:00:00
db:BIDid:4370date:2002-03-27T00:00:00
db:CNNVDid:CNNVD-200208-103date:2005-05-02T00:00:00
db:NVDid:CVE-2002-0505date:2024-11-20T23:39:14.967

SOURCES RELEASE DATE

db:CERT/CCid:VU#495275date:2002-08-10T00:00:00
db:VULHUBid:VHN-4898date:2002-08-12T00:00:00
db:BIDid:4370date:2002-03-27T00:00:00
db:CNNVDid:CNNVD-200208-103date:2002-03-27T00:00:00
db:NVDid:CVE-2002-0505date:2002-08-12T04:00:00