Sign-up

ID

VAR-200704-0592


CVE

CVE-2007-1833


TITLE

CUCM of SCCP Service disruption in implementation (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-001780

DESCRIPTION

The Skinny Call Control Protocol (SCCP) implementation in Cisco Unified CallManager (CUCM) 3.3 before 3.3(5)SR2a, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0 before 5.0(4a)SU1 allows remote attackers to cause a denial of service (loss of voice services) by sending crafted packets to the (1) SCCP (2000/tcp) or (2) SCCPS (2443/tcp) port. Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS) are prone to multiple remote denial-of-service vulnerabilities. These issues occur because the devices fail to handle certain network packets or network requests. An attacker can exploit these issues to crash the affected services on the devices, denying service to legitimate users. This vulnerability is documented in Cisco Bug ID as CSCsf10805

Trust: 1.98

sources: NVD: CVE-2007-1833 // JVNDB: JVNDB-2007-001780 // BID: 23181 // VULHUB: VHN-25195

AFFECTED PRODUCTS

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0

Trust: 1.9

vendor:ciscomodel:unified callmanagerscope:eqversion:4.2

Trust: 1.9

vendor:ciscomodel:unified callmanagerscope:eqversion:4.1\(3\)sr3

Trust: 1.6

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0\(4\)

Trust: 1.6

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0\(3\)

Trust: 1.6

vendor:ciscomodel:unified callmanagerscope:eqversion:4.1\(3\)sr1

Trust: 1.6

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0\(2\)

Trust: 1.6

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0\(1\)

Trust: 1.6

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0\(3a\)

Trust: 1.6

vendor:ciscomodel:unified callmanagerscope:eqversion:4.1\(3\)sr2

Trust: 1.6

vendor:ciscomodel:unified callmanagerscope:eqversion:4.1

Trust: 1.3

vendor:ciscomodel:unified callmanagerscope:eqversion:3.3

Trust: 1.3

vendor:ciscomodel:unified callmanagerscope:eqversion:3.3\(3\)sr1

Trust: 1.0

vendor:ciscomodel:unified callmanagerscope:eqversion:3.3\(5\)sr1

Trust: 1.0

vendor:ciscomodel:unified callmanagerscope:eqversion:3.3\(2\)

Trust: 1.0

vendor:ciscomodel:unified callmanagerscope:eqversion:3.3\(3\)

Trust: 1.0

vendor:ciscomodel:unified callmanagerscope:eqversion:3.3\(2\)spb

Trust: 1.0

vendor:ciscomodel:unified callmanagerscope:eqversion:4.1\(3\)

Trust: 1.0

vendor:ciscomodel:unified callmanagerscope:eqversion:4.1\(2\)

Trust: 1.0

vendor:ciscomodel:unified callmanagerscope:eqversion:3.3\(3\)sr4

Trust: 1.0

vendor:ciscomodel:unified callmanagerscope:eqversion:3.3\(4\)sr1a

Trust: 1.0

vendor:ciscomodel:unified callmanagerscope:eqversion:3.3\(5\)

Trust: 1.0

vendor:ciscomodel:unified callmanagerscope:eqversion:3.3\(2\)spc

Trust: 1.0

vendor:ciscomodel:unified callmanagerscope:eqversion:3.3\(4\)

Trust: 1.0

vendor:ciscomodel:unified callmanagerscope:eqversion:3.3\(5\)sr1a

Trust: 1.0

vendor:ciscomodel:unified callmanagerscope:eqversion:3.3(5)sr2a

Trust: 0.8

vendor:ciscomodel:unified callmanagerscope:ltversion:4.1

Trust: 0.8

vendor:ciscomodel:unified callmanagerscope:eqversion:4.2(3)sr1

Trust: 0.8

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0(4a)su1

Trust: 0.8

vendor:ciscomodel:unified callmanagerscope:ltversion:4.2

Trust: 0.8

vendor:ciscomodel:unified callmanagerscope:ltversion:3.3

Trust: 0.8

vendor:ciscomodel:unified callmanagerscope:eqversion:4.1(3)sr4

Trust: 0.8

vendor:ciscomodel:unified callmanagerscope:ltversion:5.0

Trust: 0.8

vendor:ciscomodel:unified presence serverscope:eqversion:1.0

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0(4)

Trust: 0.3

vendor:ciscomodel:unified callmanager 5.0scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0(3)

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0(2)

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0(1)

Trust: 0.3

vendor:ciscomodel:unified presence serverscope:neversion:1.0(3)

Trust: 0.3

vendor:ciscomodel:unified callmanager 5.0 su1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:unified callmanager 4.2 sr1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:unified callmanager 4.1 sr4scope:neversion: -

Trust: 0.3

vendor:ciscomodel:unified callmanager 3.3 sr2ascope:neversion: -

Trust: 0.3

sources: BID: 23181 // JVNDB: JVNDB-2007-001780 // CNNVD: CNNVD-200704-025 // NVD: CVE-2007-1833

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-1833
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-1833
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200704-025
value: MEDIUM

Trust: 0.6

VULHUB: VHN-25195
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-1833
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-25195
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-25195 // JVNDB: JVNDB-2007-001780 // CNNVD: CNNVD-200704-025 // NVD: CVE-2007-1833

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-1833

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200704-025

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200704-025

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-001780

PATCH
title:cisco-sa-20070328-voipurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070328-voip
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-001780

EXTERNAL IDS
db:NVDid:CVE-2007-1833
Trust: 2.8
db:BIDid:23181
Trust: 2.0
db:SECUNIAid:24665
Trust: 1.7
db:VUPENid:ADV-2007-1144
Trust: 1.7
db:SECTRACKid:1017826
Trust: 1.7
db:JVNDBid:JVNDB-2007-001780
Trust: 0.8
db:CNNVDid:CNNVD-200704-025
Trust: 0.7
db:CISCOid:20070328 MULTIPLE CISCO UNIFIED CALLMANAGER AND PRESENCE SERVER DENIAL OF SERVICE VULNERABILITIES
Trust: 0.6
db:VULHUBid:VHN-25195
Trust: 0.1
sources:
            
            
            VULHUB: VHN-25195 // 
            
            
            
            BID: 23181 // 
            
            
            
            JVNDB: JVNDB-2007-001780 // 
            
            
            
            CNNVD: CNNVD-200704-025 // 
            
            
            
            NVD: CVE-2007-1833

REFERENCES
url:http://www.securityfocus.com/bid/23181
Trust: 1.7
url:http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml
Trust: 1.7
url:http://securitytracker.com/id?1017826
Trust: 1.7
url:http://secunia.com/advisories/24665
Trust: 1.7
url:http://www.vupen.com/english/advisories/2007/1144
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/33295
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1833
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1833
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2007/1144
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
url:/archive/1/464065
Trust: 0.3
url:http://www.cisco.com/en/us/products/products_security_advisory09186a008080f17b.shtml
Trust: 0.3
sources:
            
            
            VULHUB: VHN-25195 // 
            
            
            
            BID: 23181 // 
            
            
            
            JVNDB: JVNDB-2007-001780 // 
            
            
            
            CNNVD: CNNVD-200704-025 // 
            
            
            
            NVD: CVE-2007-1833

CREDITS
Cisco Security bulletin
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200704-025

SOURCES
db:VULHUBid:VHN-25195
db:BIDid:23181
db:JVNDBid:JVNDB-2007-001780
db:CNNVDid:CNNVD-200704-025
db:NVDid:CVE-2007-1833

LAST UPDATE DATE
2024-11-23T21:49:09.909000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-25195date:2017-07-29T00:00:00
db:BIDid:23181date:2016-07-06T14:39:00
db:JVNDBid:JVNDB-2007-001780date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200704-025date:2007-04-04T00:00:00
db:NVDid:CVE-2007-1833date:2024-11-21T00:29:15.967

SOURCES RELEASE DATE
db:VULHUBid:VHN-25195date:2007-04-03T00:00:00
db:BIDid:23181date:2007-03-28T00:00:00
db:JVNDBid:JVNDB-2007-001780date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200704-025date:2007-03-28T00:00:00
db:NVDid:CVE-2007-1833date:2007-04-03T00:19:00