ID

VAR-200704-0592


CVE

CVE-2007-1833


TITLE

Denial-of-service (DoS) vulnerability in the SCCP implementation of CUCM

Trust: 0.8

sources: JVNDB: JVNDB-2007-001780

DESCRIPTION

The Skinny Call Control Protocol (SCCP) implementation in Cisco Unified CallManager (CUCM) 3.3 before 3.3(5)SR2a, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0 before 5.0(4a)SU1 allows remote attackers to cause a denial of service (loss of voice services) by sending crafted packets to the (1) SCCP (2000/tcp) or (2) SCCPS (2443/tcp) port. Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS) are prone to multiple remote denial-of-service vulnerabilities. These issues occur because the devices fail to handle certain network packets or network requests. An attacker can exploit these issues to crash the affected services on the devices, denying service to legitimate users. This vulnerability is documented as Cisco Bug ID CSCsf10805.

Trust: 1.98

sources: NVD: CVE-2007-1833 // JVNDB: JVNDB-2007-001780 // BID: 23181 // VULHUB: VHN-25195

AFFECTED PRODUCTS

vendor: cisco | model: unified callmanager | scope: eq | version: 5.0

Trust: 1.9

vendor: cisco | model: unified callmanager | scope: eq | version: 4.2

Trust: 1.9

vendor: cisco | model: unified callmanager | scope: eq | version: 4.1(3)sr3

Trust: 1.6

vendor: cisco | model: unified callmanager | scope: eq | version: 5.0(4)

Trust: 1.6

vendor: cisco | model: unified callmanager | scope: eq | version: 5.0(3)

Trust: 1.6

vendor: cisco | model: unified callmanager | scope: eq | version: 4.1(3)sr1

Trust: 1.6

vendor: cisco | model: unified callmanager | scope: eq | version: 5.0(2)

Trust: 1.6

vendor: cisco | model: unified callmanager | scope: eq | version: 5.0(1)

Trust: 1.6

vendor: cisco | model: unified callmanager | scope: eq | version: 5.0(3a)

Trust: 1.6

vendor: cisco | model: unified callmanager | scope: eq | version: 4.1(3)sr2

Trust: 1.6

vendor: cisco | model: unified callmanager | scope: eq | version: 4.1

Trust: 1.3

vendor: cisco | model: unified callmanager | scope: eq | version: 3.3

Trust: 1.3

vendor: cisco | model: unified callmanager | scope: eq | version: 3.3(3)sr1

Trust: 1.0

vendor: cisco | model: unified callmanager | scope: eq | version: 3.3(5)sr1

Trust: 1.0

vendor: cisco | model: unified callmanager | scope: eq | version: 3.3(2)

Trust: 1.0

vendor: cisco | model: unified callmanager | scope: eq | version: 3.3(3)

Trust: 1.0

vendor: cisco | model: unified callmanager | scope: eq | version: 3.3(2)spb

Trust: 1.0

vendor: cisco | model: unified callmanager | scope: eq | version: 4.1(3)

Trust: 1.0

vendor: cisco | model: unified callmanager | scope: eq | version: 4.1(2)

Trust: 1.0

vendor: cisco | model: unified callmanager | scope: eq | version: 3.3(3)sr4

Trust: 1.0

vendor: cisco | model: unified callmanager | scope: eq | version: 3.3(4)sr1a

Trust: 1.0

vendor: cisco | model: unified callmanager | scope: eq | version: 3.3(5)

Trust: 1.0

vendor: cisco | model: unified callmanager | scope: eq | version: 3.3(2)spc

Trust: 1.0

vendor: cisco | model: unified callmanager | scope: eq | version: 3.3(4)

Trust: 1.0

vendor: cisco | model: unified callmanager | scope: eq | version: 3.3(5)sr1a

Trust: 1.0

vendor: cisco | model: unified callmanager | scope: eq | version: 3.3(5)sr2a

Trust: 0.8

vendor: cisco | model: unified callmanager | scope: lt | version: 4.1

Trust: 0.8

vendor: cisco | model: unified callmanager | scope: eq | version: 4.2(3)sr1

Trust: 0.8

vendor: cisco | model: unified callmanager | scope: eq | version: 5.0(4a)su1

Trust: 0.8

vendor: cisco | model: unified callmanager | scope: lt | version: 4.2

Trust: 0.8

vendor: cisco | model: unified callmanager | scope: lt | version: 3.3

Trust: 0.8

vendor: cisco | model: unified callmanager | scope: eq | version: 4.1(3)sr4

Trust: 0.8

vendor: cisco | model: unified callmanager | scope: lt | version: 5.0

Trust: 0.8

vendor: cisco | model: unified presence server | scope: eq | version: 1.0

Trust: 0.3

vendor: cisco | model: unified callmanager | scope: eq | version: 5.0(4)

Trust: 0.3

vendor: cisco | model: unified callmanager 5.0 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: unified callmanager | scope: eq | version: 5.0(3)

Trust: 0.3

vendor: cisco | model: unified callmanager | scope: eq | version: 5.0(2)

Trust: 0.3

vendor: cisco | model: unified callmanager | scope: eq | version: 5.0(1)

Trust: 0.3

vendor: cisco | model: unified presence server | scope: ne | version: 1.0(3)

Trust: 0.3

vendor: cisco | model: unified callmanager 5.0 su1 | scope: ne | version: -

Trust: 0.3

vendor: cisco | model: unified callmanager 4.2 sr1 | scope: ne | version: -

Trust: 0.3

vendor: cisco | model: unified callmanager 4.1 sr4 | scope: ne | version: -

Trust: 0.3

vendor: cisco | model: unified callmanager 3.3 sr2a | scope: ne | version: -

Trust: 0.3

sources: BID: 23181 // JVNDB: JVNDB-2007-001780 // CNNVD: CNNVD-200704-025 // NVD: CVE-2007-1833

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-1833
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-1833
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200704-025
value: MEDIUM

Trust: 0.6

VULHUB: VHN-25195
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-1833
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-25195
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-25195 // JVNDB: JVNDB-2007-001780 // CNNVD: CNNVD-200704-025 // NVD: CVE-2007-1833

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-1833

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200704-025

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200704-025

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001780

PATCH

title: cisco-sa-20070328-voip | url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070328-voip

Trust: 0.8

sources: JVNDB: JVNDB-2007-001780

EXTERNAL IDS

db: NVD | id: CVE-2007-1833

Trust: 2.8

db: BID | id: 23181

Trust: 2.0

db: SECUNIA | id: 24665

Trust: 1.7

db: VUPEN | id: ADV-2007-1144

Trust: 1.7

db: SECTRACK | id: 1017826

Trust: 1.7

db: JVNDB | id: JVNDB-2007-001780

Trust: 0.8

db: CNNVD | id: CNNVD-200704-025

Trust: 0.7

db: CISCO | id: 20070328 MULTIPLE CISCO UNIFIED CALLMANAGER AND PRESENCE SERVER DENIAL OF SERVICE VULNERABILITIES

Trust: 0.6

db: VULHUB | id: VHN-25195

Trust: 0.1

sources: VULHUB: VHN-25195 // BID: 23181 // JVNDB: JVNDB-2007-001780 // CNNVD: CNNVD-200704-025 // NVD: CVE-2007-1833

REFERENCES

url:http://www.securityfocus.com/bid/23181

Trust: 1.7

url:http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml

Trust: 1.7

url:http://securitytracker.com/id?1017826

Trust: 1.7

url:http://secunia.com/advisories/24665

Trust: 1.7

url:http://www.vupen.com/english/advisories/2007/1144

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/33295

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1833

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1833

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2007/1144

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

url:/archive/1/464065

Trust: 0.3

url:http://www.cisco.com/en/us/products/products_security_advisory09186a008080f17b.shtml

Trust: 0.3

sources: VULHUB: VHN-25195 // BID: 23181 // JVNDB: JVNDB-2007-001780 // CNNVD: CNNVD-200704-025 // NVD: CVE-2007-1833

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200704-025

SOURCES

db: VULHUB | id: VHN-25195
db: BID | id: 23181
db: JVNDB | id: JVNDB-2007-001780
db: CNNVD | id: CNNVD-200704-025
db: NVD | id: CVE-2007-1833

LAST UPDATE DATE

2024-11-23T21:49:09.909000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-25195 | date: 2017-07-29T00:00:00
db: BID | id: 23181 | date: 2016-07-06T14:39:00
db: JVNDB | id: JVNDB-2007-001780 | date: 2012-06-26T00:00:00
db: CNNVD | id: CNNVD-200704-025 | date: 2007-04-04T00:00:00
db: NVD | id: CVE-2007-1833 | date: 2024-11-21T00:29:15.967

SOURCES RELEASE DATE

db: VULHUB | id: VHN-25195 | date: 2007-04-03T00:00:00
db: BID | id: 23181 | date: 2007-03-28T00:00:00
db: JVNDB | id: JVNDB-2007-001780 | date: 2012-06-26T00:00:00
db: CNNVD | id: CNNVD-200704-025 | date: 2007-03-28T00:00:00
db: NVD | id: CVE-2007-1833 | date: 2007-04-03T00:19:00