CVE-2010-4687

EPSS 0.76%
Published 07.01.2011 19:00:20
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ios Version < 15.0\(1\)xa1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.76%	0.709

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf

Vendor Advisory

Release Notes

http://www.securityfocus.com/bid/45769

Third Party Advisory

VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/64584

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2010-4687

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-4687

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-4687

EUVD