Details of VAR-200501-0320

ID

VAR-200501-0320

CVE

CVE-2005-0186

TITLE

Cisco IOS embedded call processing solutions contain unspecified DoS vulnerability

Trust: 0.8

sources: CERT/CC: VU#613384

DESCRIPTION

Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed packet to the SCCP port. Cisco IOS Implemented in ITS , CME ,and SRST Is SCCP Packets are not processed properly, so if these are enabled, illegal SCCP A vulnerability exists that causes the device to restart after interpreting the packet.System disrupts service operation (DoS) It may be in a state. IOS is prone to a denial-of-service vulnerability. The issue is reported to exist in the Skinny Call Control Protocol (SCCP) handler. A remote attacker may exploit this vulnerability continuously to effectively deny network-based services to legitimate users. Cisco IOS is the underlying operating system for Cisco networking equipment

Trust: 2.97

sources: NVD: CVE-2005-0186 // CERT/CC: VU#613384 // JVNDB: JVNDB-2005-000044 // BID: 90292 // BID: 12307 // VULHUB: VHN-11395

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	12.3	Trust: 3.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.2t	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.3t	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.1yd	Trust: 1.6
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	12.1	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	12.2	Trust: 0.8
vendor:	cisco	model:	ios 12.3t	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2t	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.1yd	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.3xq	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xn	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xl	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xj	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xi	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xh	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xe	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.3xa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2zp	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2zo	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2zk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2zj	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ys	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2yr	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2yq	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2yn	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ym	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2yl	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2yj	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2yh	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2yg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2yf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2yd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2yc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2yb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ya	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2xz	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2xw	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2xu	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2xt	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2xm	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2xg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2xb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2jk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2cz	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2bc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2b	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1yi	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1ye	scope:	-	version:	-	Trust: 0.3

sources: CERT/CC: VU#613384 // BID: 90292 // BID: 12307 // JVNDB: JVNDB-2005-000044 // CNNVD: CNNVD-200501-257 // NVD: CVE-2005-0186

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-0186
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#613384
value:	9.45
Trust: 0.8
NVD:	CVE-2005-0186
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200501-257
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-11395
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2005-0186
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-11395
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#613384 // VULHUB: VHN-11395 // JVNDB: JVNDB-2005-000044 // CNNVD: CNNVD-200501-257 // NVD: CVE-2005-0186

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0186

THREAT TYPE

network

Trust: 0.6

sources: BID: 90292 // BID: 12307

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200501-257

CONFIGURATIONS

sources: JVNDB: JVNDB-2005-000044

PATCH

title:

cisco-sa-20050119-itscme

url:

http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml

Trust: 0.8

sources: JVNDB: JVNDB-2005-000044

EXTERNAL IDS

db:	SECUNIA	id:	13913	Trust: 3.3
db:	NVD	id:	CVE-2005-0186	Trust: 2.8
db:	SECTRACK	id:	1012945	Trust: 2.0
db:	CERT/CC	id:	VU#613384	Trust: 1.6
db:	BID	id:	12307	Trust: 1.1
db:	XF	id:	18956	Trust: 0.9
db:	JVNDB	id:	JVNDB-2005-000044	Trust: 0.8
db:	CNNVD	id:	CNNVD-200501-257	Trust: 0.7
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:4849	Trust: 0.6
db:	CISCO	id:	20050119 VULNERABILITY IN CISCO IOS EMBEDDED CALL PROCESSING SOLUTIONS	Trust: 0.6
db:	BID	id:	90292	Trust: 0.4
db:	VULHUB	id:	VHN-11395	Trust: 0.1

sources: CERT/CC: VU#613384 // VULHUB: VHN-11395 // BID: 90292 // BID: 12307 // JVNDB: JVNDB-2005-000044 // CNNVD: CNNVD-200501-257 // NVD: CVE-2005-0186

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml	Trust: 2.8
url:	http://securitytracker.com/id?1012945	Trust: 2.0
url:	http://secunia.com/advisories/13913	Trust: 1.7
url:	http://secunia.com/advisories/13913/	Trust: 1.6
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4849	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/18956	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/18956	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0186	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-0186	Trust: 0.8
url:	http://www.securityfocus.com/bid/12307	Trust: 0.8
url:	http://www.kb.cert.org/vuls/id/613384	Trust: 0.8
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:4849	Trust: 0.6
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a00803b3fff.shtml	Trust: 0.3

sources: CERT/CC: VU#613384 // VULHUB: VHN-11395 // BID: 90292 // BID: 12307 // JVNDB: JVNDB-2005-000044 // CNNVD: CNNVD-200501-257 // NVD: CVE-2005-0186

CREDITS

Unknown

Trust: 0.3

sources: BID: 90292

SOURCES

db:	CERT/CC	id:	VU#613384
db:	VULHUB	id:	VHN-11395
db:	BID	id:	90292
db:	BID	id:	12307
db:	JVNDB	id:	JVNDB-2005-000044
db:	CNNVD	id:	CNNVD-200501-257
db:	NVD	id:	CVE-2005-0186

LAST UPDATE DATE

2024-08-14T13:51:11.969000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#613384	date:	2005-01-21T00:00:00
db:	VULHUB	id:	VHN-11395	date:	2017-10-11T00:00:00
db:	BID	id:	90292	date:	2005-01-19T00:00:00
db:	BID	id:	12307	date:	2005-01-19T00:00:00
db:	JVNDB	id:	JVNDB-2005-000044	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200501-257	date:	2009-03-04T00:00:00
db:	NVD	id:	CVE-2005-0186	date:	2017-10-11T01:29:53.013

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#613384	date:	2005-01-21T00:00:00
db:	VULHUB	id:	VHN-11395	date:	2005-01-19T00:00:00
db:	BID	id:	90292	date:	2005-01-19T00:00:00
db:	BID	id:	12307	date:	2005-01-19T00:00:00
db:	JVNDB	id:	JVNDB-2005-000044	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200501-257	date:	2005-01-19T00:00:00
db:	NVD	id:	CVE-2005-0186	date:	2005-01-19T05:00:00