Sign-up

ID

VAR-200507-0193


CVE

CVE-2005-2243


TITLE

Cisco CallManager inetinfo.exe Denial of service vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200507-136

DESCRIPTION

Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory consumption) via a large number of Admin Service Tool (AST) logins that fail. This issue is documented in Cisco bug CSCef47060, which is available to Cisco customers. Attackers may exploit this vulnerability by repeatedly attempting, and failing, to log into the affected service. It is reported that as much as 750 megabytes of memory may be consumed, resulting in a sever reduction in performance, possibly denying service to legitimate users. This issue was originally documented in BID 14227. Cisco CallManager (CCM) is a set of call processing components based on the Cisco Unified Communications solution of Cisco. Inetinfo.exe in multiple versions of CCM (3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 and 4.1 before 4.1(3)SR1) has memory leaks, which may result in a denial of service

Trust: 1.26

sources: NVD: CVE-2005-2243 // BID: 14253 // VULHUB: VHN-13452

AFFECTED PRODUCTS

vendor:ciscomodel:call managerscope:eqversion:4.0

Trust: 1.9

vendor:ciscomodel:call managerscope:eqversion:3.3

Trust: 1.9

vendor:ciscomodel:call managerscope:eqversion:3.2

Trust: 1.9

vendor:ciscomodel:call managerscope:eqversion:4.1

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:3.1

Trust: 0.6

vendor:ciscomodel:call managerscope:eqversion:3.3(3)

Trust: 0.3

vendor:ciscomodel:call managerscope:eqversion:3.1(2)

Trust: 0.3

vendor:ciscomodel:call managerscope:eqversion:3.0

Trust: 0.3

vendor:ciscomodel:call managerscope:eqversion:2.0

Trust: 0.3

vendor:ciscomodel:call managerscope:eqversion:1.0

Trust: 0.3

vendor:ciscomodel:call manager sr1scope:neversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager es07scope:neversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager es33scope:neversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager sr2bscope:neversion:4.0

Trust: 0.3

vendor:ciscomodel:call manager es40scope:neversion:4.0

Trust: 0.3

vendor:ciscomodel:call managerscope:neversion:3.3(5)

Trust: 0.3

vendor:ciscomodel:call manager es25scope:neversion:3.3

Trust: 0.3

vendor:ciscomodel:call manager es61scope:neversion:3.3

Trust: 0.3

sources: BID: 14253 // CNNVD: CNNVD-200507-136 // NVD: CVE-2005-2243

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-2243
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200507-136
value: MEDIUM

Trust: 0.6

VULHUB: VHN-13452
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-2243
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-13452
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-13452 // CNNVD: CNNVD-200507-136 // NVD: CVE-2005-2243

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-2243

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200507-136

TYPE

Design Error

Trust: 0.9

sources: BID: 14253 // CNNVD: CNNVD-200507-136

EXTERNAL IDS

db:BIDid:14253

Trust: 2.0

db:NVDid:CVE-2005-2243

Trust: 1.7

db:CNNVDid:CNNVD-200507-136

Trust: 0.7

db:CISCOid:20050712 CISCO CALLMANAGER MEMORY HANDLING VULNERABILITIES

Trust: 0.6

db:VULHUBid:VHN-13452

Trust: 0.1

sources: VULHUB: VHN-13452 // BID: 14253 // CNNVD: CNNVD-200507-136 // NVD: CVE-2005-2243

REFERENCES

url:http://www.securityfocus.com/bid/14253

Trust: 1.7

url:http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml

Trust: 1.7

url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html

Trust: 0.3

url:http://www.cisco.com/en/us/products/products_security_advisory09186a00804c0c26.shtml

Trust: 0.3

sources: VULHUB: VHN-13452 // BID: 14253 // CNNVD: CNNVD-200507-136 // NVD: CVE-2005-2243

CREDITS

The vendor disclosed this vulnerability.

Trust: 0.9

sources: BID: 14253 // CNNVD: CNNVD-200507-136

SOURCES

db:VULHUBid:VHN-13452
db:BIDid:14253
db:CNNVDid:CNNVD-200507-136
db:NVDid:CVE-2005-2243

LAST UPDATE DATE

2024-08-14T13:40:04.985000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-13452date:2008-09-05T00:00:00
db:BIDid:14253date:2005-07-12T00:00:00
db:CNNVDid:CNNVD-200507-136date:2005-10-20T00:00:00
db:NVDid:CVE-2005-2243date:2008-09-05T20:51:15.583

SOURCES RELEASE DATE

db:VULHUBid:VHN-13452date:2005-07-12T00:00:00
db:BIDid:14253date:2005-07-12T00:00:00
db:CNNVDid:CNNVD-200507-136date:2005-07-12T00:00:00
db:NVDid:CVE-2005-2243date:2005-07-12T04:00:00