CVE-2009-0057

EPSS 0.53%
Published 22.01.2009 18:30:03
Last modified 09.04.2025 00:30:58
Source psirt@cisco.com
Teams watchlist Login
Open Login

The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the "client terminates prematurely."

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Unified Communications Manager Version5.0

Cisco ≫ Unified Communications Manager Version5.0_1

Cisco ≫ Unified Communications Manager Version5.0_2

Cisco ≫ Unified Communications Manager Version5.0_3

Cisco ≫ Unified Communications Manager Version5.0_3a

Cisco ≫ Unified Communications Manager Version5.0_4

Cisco ≫ Unified Communications Manager Version5.0_4a

Cisco ≫ Unified Communications Manager Version5.0_4a_su1

Cisco ≫ Unified Communications Manager Version5.1

Cisco ≫ Unified Communications Manager Version5.1.2

Cisco ≫ Unified Communications Manager Version5.1_1

Cisco ≫ Unified Communications Manager Version5.1_2

Cisco ≫ Unified Communications Manager Version5.1_2a

Cisco ≫ Unified Communications Manager Version5.1_2b

Cisco ≫ Unified Communications Manager Version5.1_3a

Cisco ≫ Unified Communications Manager Version6.0

Cisco ≫ Unified Communications Manager Version6.0_1

Cisco ≫ Unified Communications Manager Version6.0_1a

Cisco ≫ Unified Communications Manager Version6.1

Cisco ≫ Unified Communications Manager Version6.1.0

Cisco ≫ Unified Communications Manager Version6.1_1a

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.53%	0.645

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/33588

Vendor Advisory

http://www.cisco.com/en/US/products/products_security_advisory09186a0080a61928.shtml

Vendor Advisory

http://www.securityfocus.com/bid/33379

http://www.securitytracker.com/id?1021620

http://www.vupen.com/english/advisories/2009/0213

https://exchange.xforce.ibmcloud.com/vulnerabilities/48139

https://nvd.nist.gov/vuln/detail/CVE-2009-0057

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0057

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0057

EUVD