PT-2010-4335 · Cisco · Cisco Unified Presence

Published

2010-08-26

Updated

2010-09-09

CVE-2010-2840

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Cisco Unified Presence versions 6.x through 6.0(6) Cisco Unified Presence versions 7.x through 7.0(7)

Description The issue arises from the Presence Engine service's improper handling of an erroneous Contact field in the header of a SIP SUBSCRIBE message. This allows remote attackers to cause a denial of service by sending a malformed message.

Recommendations For Cisco Unified Presence versions 6.x through 6.0(6), update to version 6.0(7) or later. For Cisco Unified Presence versions 7.x through 7.0(7), update to version 7.0(8) or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2010-2840

Affected Products

Cisco Unified Presence

PT-2010-4335 · Cisco · Cisco Unified Presence

CVE-2010-2840

Weakness Enumeration

Related Identifiers

Affected Products

References · 3