PT-2006-1439 · Microsoft+1 · Windows Manager Service+1

Published: 2006-01-22 · Updated: 2017-07-20 · CVE-2006-0368

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Cisco CallManager versions 3.2 and earlier
Cisco CallManager version 3.3 before 3.3(5)SR1
Cisco CallManager version 4.0 before 4.0(2a)SR2c
Cisco CallManager version 4.1 before 4.1(3)SR2

Description

The issue allows remote attackers to cause a denial of service, consuming CPU and memory via a large number of open TCP connections to port 2000. Additionally, it allows attackers to fill the Windows Service Manager communication queue via a large number of TCP connections to ports 2001, 2002, or 7727.

Recommendations

For Cisco CallManager versions 3.2 and earlier, update to a version later than 3.2 to resolve the issue.
For Cisco CallManager version 3.3 before 3.3(5)SR1, update to 3.3(5)SR1 or later to resolve the issue.
For Cisco CallManager version 4.0 before 4.0(2a)SR2c, update to 4.0(2a)SR2c or later to resolve the issue.
For Cisco CallManager version 4.1 before 4.1(3)SR2, update to 4.1(3)SR2 or later to resolve the issue.

As a temporary workaround, consider restricting access to ports 2000, 2001, 2002, and 7727 to minimize the risk of exploitation.

Related identifiers

CVE-2006-0368

Affected products

Cisco CallManager
Windows Manager Service