Details of VAR-200704-0593

ID

VAR-200704-0593

CVE

CVE-2007-1834

TITLE

CUCM Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-001781

DESCRIPTION

Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allow remote attackers to cause a denial of service (loss of voice services) via a flood of ICMP echo requests, aka bug ID CSCsf12698. These issues occur because the devices fail to handle certain network packets or network requests. An attacker can exploit these issues to crash the affected services on the devices, denying service to legitimate users. The CUCM vulnerability is documented in Cisco Bug ID as CSCsf12698 and the CUPS vulnerability is documented in Cisco Bug ID as CSCsg60930

Trust: 1.98

sources: NVD: CVE-2007-1834 // JVNDB: JVNDB-2007-001781 // BID: 23181 // VULHUB: VHN-25196

AFFECTED PRODUCTS

vendor:	cisco	model:	unified presence server	scope:	eq	version:	1.0	Trust: 1.9
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0	Trust: 1.9
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0\(4\)	Trust: 1.6
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0\(3\)	Trust: 1.6
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0\(1\)	Trust: 1.6
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0\(2\)	Trust: 1.6
vendor:	cisco	model:	unified presence server	scope:	eq	version:	1.0\(2\)	Trust: 1.6
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0\(3a\)	Trust: 1.6
vendor:	cisco	model:	unified presence server	scope:	eq	version:	1.0\(1\)	Trust: 1.6
vendor:	cisco	model:	unified callmanager	scope:	lt	version:	5.0	Trust: 0.8
vendor:	cisco	model:	unified presence server	scope:	lt	version:	1.0	Trust: 0.8
vendor:	cisco	model:	unified presence server	scope:	eq	version:	1.0(3)	Trust: 0.8
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0(4a)	Trust: 0.8
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0(4)	Trust: 0.3
vendor:	cisco	model:	unified callmanager 5.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0(3)	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0(2)	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0(1)	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	4.2	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	3.3	Trust: 0.3
vendor:	cisco	model:	unified presence server	scope:	ne	version:	1.0(3)	Trust: 0.3
vendor:	cisco	model:	unified callmanager 5.0 su1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager 4.2 sr1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager 4.1 sr4	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager 3.3 sr2a	scope:	ne	version:	-	Trust: 0.3

sources: BID: 23181 // JVNDB: JVNDB-2007-001781 // CNNVD: CNNVD-200704-043 // NVD: CVE-2007-1834

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-1834
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-1834
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200704-043
value:	HIGH
Trust: 0.6
VULHUB:	VHN-25196
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-1834
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-25196
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-25196 // JVNDB: JVNDB-2007-001781 // CNNVD: CNNVD-200704-043 // NVD: CVE-2007-1834

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-1834

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200704-043

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200704-043

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001781

PATCH

title:

cisco-sa-20070328-voip

url:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070328-voip

Trust: 0.8

sources: JVNDB: JVNDB-2007-001781

EXTERNAL IDS

db:	NVD	id:	CVE-2007-1834	Trust: 2.8
db:	BID	id:	23181	Trust: 2.0
db:	VUPEN	id:	ADV-2007-1144	Trust: 1.7
db:	SECTRACK	id:	1017826	Trust: 1.7
db:	SECUNIA	id:	24690	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-001781	Trust: 0.8
db:	CNNVD	id:	CNNVD-200704-043	Trust: 0.7
db:	CISCO	id:	20070328 MULTIPLE CISCO UNIFIED CALLMANAGER AND PRESENCE SERVER DENIAL OF SERVICE VULNERABILITIES	Trust: 0.6
db:	VULHUB	id:	VHN-25196	Trust: 0.1

sources: VULHUB: VHN-25196 // BID: 23181 // JVNDB: JVNDB-2007-001781 // CNNVD: CNNVD-200704-043 // NVD: CVE-2007-1834

REFERENCES

url:	http://www.securityfocus.com/bid/23181	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml	Trust: 1.7
url:	http://securitytracker.com/id?1017826	Trust: 1.7
url:	http://secunia.com/advisories/24690	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/1144	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/33299	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1834	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1834	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/1144	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	/archive/1/464065	Trust: 0.3
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a008080f17b.shtml	Trust: 0.3

sources: VULHUB: VHN-25196 // BID: 23181 // JVNDB: JVNDB-2007-001781 // CNNVD: CNNVD-200704-043 // NVD: CVE-2007-1834

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200704-043

SOURCES

db:	VULHUB	id:	VHN-25196
db:	BID	id:	23181
db:	JVNDB	id:	JVNDB-2007-001781
db:	CNNVD	id:	CNNVD-200704-043
db:	NVD	id:	CVE-2007-1834

LAST UPDATE DATE

2024-11-23T21:49:09.878000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-25196	date:	2017-07-29T00:00:00
db:	BID	id:	23181	date:	2016-07-06T14:39:00
db:	JVNDB	id:	JVNDB-2007-001781	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200704-043	date:	2007-04-04T00:00:00
db:	NVD	id:	CVE-2007-1834	date:	2024-11-21T00:29:16.110

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-25196	date:	2007-04-03T00:00:00
db:	BID	id:	23181	date:	2007-03-28T00:00:00
db:	JVNDB	id:	JVNDB-2007-001781	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200704-043	date:	2007-03-28T00:00:00
db:	NVD	id:	CVE-2007-1834	date:	2007-04-03T00:19:00