Sign-up

ID

VAR-200507-0191


CVE

CVE-2005-2241


TITLE

Cisco CallManager RISDC Denial of service vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200507-143

DESCRIPTION

Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows remote attackers to cause a denial of service (memory and connection consumption) in RisDC.exe. This issue is documented in Cisco bug CSCed37403, which is available to Cisco customers. If attackers repeatedly create, and then drop TCP connections to the vulnerable service, excessive memory resources will be consumed, potentially leading to further connections being refused. This issue was originally documented in BID 14227. Cisco CallManager (CCM) is a set of call processing components based on the Cisco Unified Communications solution of Cisco. A denial of service vulnerability exists in multiple versions of CCM (3.2 and prior, 3.3 prior to 3.3(5), 4.0 prior to 4.0(2a)SR2b, and 4.1 prior to 4.1(3)SR1)

Trust: 1.35

sources: NVD: CVE-2005-2241 // BID: 14250 // VULHUB: VHN-13450 // VULMON: CVE-2005-2241

AFFECTED PRODUCTS

vendor:ciscomodel:call managerscope:eqversion:4.0

Trust: 1.9

vendor:ciscomodel:call managerscope:eqversion:3.3

Trust: 1.9

vendor:ciscomodel:call managerscope:eqversion:3.2

Trust: 1.9

vendor:ciscomodel:call managerscope:eqversion:4.1

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:3.1

Trust: 0.6

vendor:ciscomodel:call managerscope:eqversion:3.3(3)

Trust: 0.3

vendor:ciscomodel:call managerscope:eqversion:3.1(2)

Trust: 0.3

vendor:ciscomodel:call managerscope:eqversion:3.0

Trust: 0.3

vendor:ciscomodel:call managerscope:eqversion:2.0

Trust: 0.3

vendor:ciscomodel:call managerscope:eqversion:1.0

Trust: 0.3

vendor:ciscomodel:call manager sr1scope:neversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager es07scope:neversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager es33scope:neversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager sr2bscope:neversion:4.0

Trust: 0.3

vendor:ciscomodel:call manager es40scope:neversion:4.0

Trust: 0.3

vendor:ciscomodel:call managerscope:neversion:3.3(5)

Trust: 0.3

vendor:ciscomodel:call manager es25scope:neversion:3.3

Trust: 0.3

vendor:ciscomodel:call manager es61scope:neversion:3.3

Trust: 0.3

sources: BID: 14250 // CNNVD: CNNVD-200507-143 // NVD: CVE-2005-2241

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-2241
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200507-143
value: MEDIUM

Trust: 0.6

VULHUB: VHN-13450
value: MEDIUM

Trust: 0.1

VULMON: CVE-2005-2241
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-2241
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-13450
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-13450 // VULMON: CVE-2005-2241 // CNNVD: CNNVD-200507-143 // NVD: CVE-2005-2241

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-2241

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200507-143

TYPE

Design Error

Trust: 0.9

sources: BID: 14250 // CNNVD: CNNVD-200507-143

PATCH

title:Cisco: Cisco CallManager Memory Handling Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20050712-ccm

Trust: 0.1

sources: VULMON: CVE-2005-2241

EXTERNAL IDS

db:BIDid:14250

Trust: 2.1

db:NVDid:CVE-2005-2241

Trust: 1.8

db:CNNVDid:CNNVD-200507-143

Trust: 0.7

db:CISCOid:20050712 CISCO CALLMANAGER MEMORY HANDLING VULNERABILITIES

Trust: 0.6

db:VULHUBid:VHN-13450

Trust: 0.1

db:VULMONid:CVE-2005-2241

Trust: 0.1

sources: VULHUB: VHN-13450 // VULMON: CVE-2005-2241 // BID: 14250 // CNNVD: CNNVD-200507-143 // NVD: CVE-2005-2241

REFERENCES

url:http://www.securityfocus.com/bid/14250

Trust: 1.8

url:http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml

Trust: 1.8

url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html

Trust: 0.3

url:http://www.cisco.com/en/us/products/products_security_advisory09186a00804c0c26.shtml

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20050712-ccm

Trust: 0.1

sources: VULHUB: VHN-13450 // VULMON: CVE-2005-2241 // BID: 14250 // CNNVD: CNNVD-200507-143 // NVD: CVE-2005-2241

CREDITS

The vendor disclosed this vulnerability.

Trust: 0.9

sources: BID: 14250 // CNNVD: CNNVD-200507-143

SOURCES

db:VULHUBid:VHN-13450
db:VULMONid:CVE-2005-2241
db:BIDid:14250
db:CNNVDid:CNNVD-200507-143
db:NVDid:CVE-2005-2241

LAST UPDATE DATE

2024-08-14T13:40:05.011000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-13450date:2008-09-05T00:00:00
db:VULMONid:CVE-2005-2241date:2008-09-05T00:00:00
db:BIDid:14250date:2005-07-12T00:00:00
db:CNNVDid:CNNVD-200507-143date:2005-10-20T00:00:00
db:NVDid:CVE-2005-2241date:2008-09-05T20:51:15.210

SOURCES RELEASE DATE

db:VULHUBid:VHN-13450date:2005-07-12T00:00:00
db:VULMONid:CVE-2005-2241date:2005-07-12T00:00:00
db:BIDid:14250date:2005-07-12T00:00:00
db:CNNVDid:CNNVD-200507-143date:2005-07-12T00:00:00
db:NVDid:CVE-2005-2241date:2005-07-12T04:00:00