Sign-up

ID

VAR-200704-0585


CVE

CVE-2007-1826


TITLE

CUCM of IPSec Manager Service Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-001779

DESCRIPTION

Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allows remote attackers to cause a denial of service (loss of cluster services) via a "specific UDP packet" to UDP port 8500, aka bug ID CSCsg60949. Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS) are prone to multiple remote denial-of-service vulnerabilities. These issues occur because the devices fail to handle certain network packets or network requests. An attacker can exploit these issues to crash the affected services on the devices, denying service to legitimate users. The CUCM vulnerability is documented in Cisco Bug ID as CSCsg20143 and the CUPS vulnerability is documented in Cisco Bug ID as CSCsg60949

Trust: 1.98

sources: NVD: CVE-2007-1826 // JVNDB: JVNDB-2007-001779 // BID: 23181 // VULHUB: VHN-25188

AFFECTED PRODUCTS

vendor:ciscomodel:unified presence serverscope:eqversion:1.0

Trust: 1.9

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0

Trust: 1.9

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0\(4\)

Trust: 1.6

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0\(3\)

Trust: 1.6

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0\(1\)

Trust: 1.6

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0\(2\)

Trust: 1.6

vendor:ciscomodel:unified presence serverscope:eqversion:1.0\(2\)

Trust: 1.6

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0\(3a\)

Trust: 1.6

vendor:ciscomodel:unified presence serverscope:eqversion:1.0\(1\)

Trust: 1.6

vendor:ciscomodel:unified callmanagerscope:ltversion:5.0

Trust: 0.8

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0(4a)su1

Trust: 0.8

vendor:ciscomodel:unified presence serverscope:ltversion:1.0

Trust: 0.8

vendor:ciscomodel:unified presence serverscope:eqversion:1.0(3)

Trust: 0.8

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0(4)

Trust: 0.3

vendor:ciscomodel:unified callmanager 5.0scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0(3)

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0(2)

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0(1)

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:4.2

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:3.3

Trust: 0.3

vendor:ciscomodel:unified presence serverscope:neversion:1.0(3)

Trust: 0.3

vendor:ciscomodel:unified callmanager 5.0 su1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:unified callmanager 4.2 sr1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:unified callmanager 4.1 sr4scope:neversion: -

Trust: 0.3

vendor:ciscomodel:unified callmanager 3.3 sr2ascope:neversion: -

Trust: 0.3

sources: BID: 23181 // JVNDB: JVNDB-2007-001779 // CNNVD: CNNVD-200704-011 // NVD: CVE-2007-1826

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-1826
value: HIGH

Trust: 1.0

NVD: CVE-2007-1826
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200704-011
value: HIGH

Trust: 0.6

VULHUB: VHN-25188
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-1826
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-25188
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-25188 // JVNDB: JVNDB-2007-001779 // CNNVD: CNNVD-200704-011 // NVD: CVE-2007-1826

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-1826

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200704-011

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200704-011

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-001779

PATCH
title:cisco-sa-20070328-voipurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070328-voip
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-001779

EXTERNAL IDS
db:NVDid:CVE-2007-1826
Trust: 2.8
db:BIDid:23181
Trust: 2.0
db:OSVDBid:34919
Trust: 1.7
db:VUPENid:ADV-2007-1144
Trust: 1.7
db:SECTRACKid:1017826
Trust: 1.7
db:SECUNIAid:24690
Trust: 1.7
db:JVNDBid:JVNDB-2007-001779
Trust: 0.8
db:CNNVDid:CNNVD-200704-011
Trust: 0.7
db:CISCOid:20070328 MULTIPLE CISCO UNIFIED CALLMANAGER AND PRESENCE SERVER DENIAL OF SERVICE VULNERABILITIES
Trust: 0.6
db:VULHUBid:VHN-25188
Trust: 0.1
sources:
            
            
            VULHUB: VHN-25188 // 
            
            
            
            BID: 23181 // 
            
            
            
            JVNDB: JVNDB-2007-001779 // 
            
            
            
            CNNVD: CNNVD-200704-011 // 
            
            
            
            NVD: CVE-2007-1826

REFERENCES
url:http://www.securityfocus.com/bid/23181
Trust: 1.7
url:http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml
Trust: 1.7
url:http://osvdb.org/34919
Trust: 1.7
url:http://securitytracker.com/id?1017826
Trust: 1.7
url:http://secunia.com/advisories/24690
Trust: 1.7
url:http://www.vupen.com/english/advisories/2007/1144
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/33302
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1826
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1826
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2007/1144
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
url:/archive/1/464065
Trust: 0.3
url:http://www.cisco.com/en/us/products/products_security_advisory09186a008080f17b.shtml
Trust: 0.3
sources:
            
            
            VULHUB: VHN-25188 // 
            
            
            
            BID: 23181 // 
            
            
            
            JVNDB: JVNDB-2007-001779 // 
            
            
            
            CNNVD: CNNVD-200704-011 // 
            
            
            
            NVD: CVE-2007-1826

CREDITS
Cisco Security bulletin
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200704-011

SOURCES
db:VULHUBid:VHN-25188
db:BIDid:23181
db:JVNDBid:JVNDB-2007-001779
db:CNNVDid:CNNVD-200704-011
db:NVDid:CVE-2007-1826

LAST UPDATE DATE
2024-11-23T21:49:09.940000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-25188date:2017-07-29T00:00:00
db:BIDid:23181date:2016-07-06T14:39:00
db:JVNDBid:JVNDB-2007-001779date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200704-011date:2007-04-04T00:00:00
db:NVDid:CVE-2007-1826date:2024-11-21T00:29:14.960

SOURCES RELEASE DATE
db:VULHUBid:VHN-25188date:2007-04-02T00:00:00
db:BIDid:23181date:2007-03-28T00:00:00
db:JVNDBid:JVNDB-2007-001779date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200704-011date:2007-03-28T00:00:00
db:NVDid:CVE-2007-1826date:2007-04-02T23:19:00