Details of VAR-200507-0192

ID

VAR-200507-0192

CVE

CVE-2005-2242

TITLE

Cisco CallManager Denial of service vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200507-129

DESCRIPTION

Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to cause a denial of service (memory consumption and restart) via crafted packets to (1) the CTI Manager (ctimgr.exe) or (2) the CallManager (ccm.exe). The CallManager CTI Manager service is susceptible to a remote denial of service vulnerability. This issue is documented in Cisco bug CSCee00116, which is available to Cisco customers. This issue may be exploited to cause the affected application to restart, denying service to legitimate users. This issue was originally documented in BID 14227. Cisco CallManager (CCM) is a set of call processing components based on the Cisco Unified Communications solution of Cisco. There are denial of service vulnerabilities in multiple versions of CCM (3.2 and earlier, 3.3 earlier than 3.3(5), 4.0 earlier than 4.0(2a)SR2b, and 4.1 4.1 earlier than 4.1(3)SR1)

Trust: 1.53

sources: NVD: CVE-2005-2242 // BID: 14251 // BID: 14252 // VULHUB: VHN-13451

AFFECTED PRODUCTS

vendor:	cisco	model:	call manager	scope:	eq	version:	4.0	Trust: 1.2
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3	Trust: 1.2
vendor:	cisco	model:	call manager	scope:	eq	version:	3.2	Trust: 1.2
vendor:	cisco	model:	call manager	scope:	eq	version:	3.1	Trust: 1.2
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3(3)	Trust: 0.6
vendor:	cisco	model:	call manager	scope:	eq	version:	3.1(2)	Trust: 0.6
vendor:	cisco	model:	call manager	scope:	eq	version:	3.0	Trust: 0.6
vendor:	cisco	model:	call manager	scope:	eq	version:	2.0	Trust: 0.6
vendor:	cisco	model:	call manager	scope:	eq	version:	1.0	Trust: 0.6
vendor:	cisco	model:	call manager sr1	scope:	ne	version:	4.1	Trust: 0.6
vendor:	cisco	model:	call manager es07	scope:	ne	version:	4.1	Trust: 0.6
vendor:	cisco	model:	call manager es33	scope:	ne	version:	4.1	Trust: 0.6
vendor:	cisco	model:	call manager sr2b	scope:	ne	version:	4.0	Trust: 0.6
vendor:	cisco	model:	call manager es40	scope:	ne	version:	4.0	Trust: 0.6
vendor:	cisco	model:	call manager	scope:	ne	version:	3.3(5)	Trust: 0.6
vendor:	cisco	model:	call manager es25	scope:	ne	version:	3.3	Trust: 0.6
vendor:	cisco	model:	call manager es61	scope:	ne	version:	3.3	Trust: 0.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.1	Trust: 0.6

sources: BID: 14251 // BID: 14252 // CNNVD: CNNVD-200507-129

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-2242
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200507-129
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-13451
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2005-2242
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-13451
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-13451 // CNNVD: CNNVD-200507-129 // NVD: CVE-2005-2242

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-2242

THREAT TYPE

network

Trust: 0.6

sources: BID: 14251 // BID: 14252

TYPE

Design Error

Trust: 1.2

sources: BID: 14251 // BID: 14252 // CNNVD: CNNVD-200507-129

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-13451

EXTERNAL IDS

db:	BID	id:	14251	Trust: 2.0
db:	BID	id:	14252	Trust: 2.0
db:	NVD	id:	CVE-2005-2242	Trust: 1.7
db:	CNNVD	id:	CNNVD-200507-129	Trust: 0.7
db:	CISCO	id:	20050712 CISCO CALLMANAGER MEMORY HANDLING VULNERABILITIES	Trust: 0.6
db:	EXPLOIT-DB	id:	25967	Trust: 0.1
db:	VULHUB	id:	VHN-13451	Trust: 0.1

sources: VULHUB: VHN-13451 // BID: 14251 // BID: 14252 // CNNVD: CNNVD-200507-129 // NVD: CVE-2005-2242

REFERENCES

url:	http://www.securityfocus.com/bid/14251	Trust: 1.7
url:	http://www.securityfocus.com/bid/14252	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml	Trust: 1.7
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html	Trust: 0.6
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a00804c0c26.shtml	Trust: 0.6
url:	http://www.patchadvisor.com/patchadvisor/common/uploads/ciscocallmanager.pdf	Trust: 0.3

sources: VULHUB: VHN-13451 // BID: 14251 // BID: 14252 // CNNVD: CNNVD-200507-129 // NVD: CVE-2005-2242

CREDITS

Jeff Fay from PatchAdvisor reported this vulnerability to the vendor.

Trust: 0.9

sources: BID: 14251 // CNNVD: CNNVD-200507-129

SOURCES

db:	VULHUB	id:	VHN-13451
db:	BID	id:	14251
db:	BID	id:	14252
db:	CNNVD	id:	CNNVD-200507-129
db:	NVD	id:	CVE-2005-2242

LAST UPDATE DATE

2024-08-14T13:40:04.957000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-13451	date:	2008-09-05T00:00:00
db:	BID	id:	14251	date:	2005-07-12T00:00:00
db:	BID	id:	14252	date:	2005-07-12T00:00:00
db:	CNNVD	id:	CNNVD-200507-129	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-2242	date:	2008-09-05T20:51:15.427

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-13451	date:	2005-07-12T00:00:00
db:	BID	id:	14251	date:	2005-07-12T00:00:00
db:	BID	id:	14252	date:	2005-07-12T00:00:00
db:	CNNVD	id:	CNNVD-200507-129	date:	2005-07-12T00:00:00
db:	NVD	id:	CVE-2005-2242	date:	2005-07-12T04:00:00