What is the severity of CVE-2006-0368?

CVE-2006-0368 is classified as a critical vulnerability due to its potential to cause denial of service attacks.

How do I fix CVE-2006-0368?

To mitigate CVE-2006-0368, upgrade to a fixed version of Cisco CallManager, specifically 3.3(5)SR1 or later, and follow Cisco's security guidance.

What are the impacts of CVE-2006-0368 on affected systems?

The impacts of CVE-2006-0368 include high CPU and memory consumption leading to service interruptions and potential downtime for Cisco CallManager.

Which versions of Cisco CallManager are affected by CVE-2006-0368?

CVE-2006-0368 affects Cisco CallManager versions 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2.

Can CVE-2006-0368 be exploited remotely?

Yes, CVE-2006-0368 can be exploited remotely by attackers through a large number of open TCP connections to port 2000.

Vulnerability/
CVE-2006-0368

high

7.8

CWE

NVD-CWE-Other

22/1/2006

7/8/2024

CVE-2006-0368

First published: Sun Jan 22 2006(Updated: )

Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) cause a denial of service (fill the Windows Service Manager communication queue) via a large number of TCP connections to port 2001, 2002, or 7727.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Cisco CallManager Express	=4.1\(3\)es07
Cisco CallManager Express	=3.0
Cisco CallManager Express	=3.1\(3a\)
Cisco CallManager Express	=4.1\(3\)es32
Cisco CallManager Express	=1.0
Cisco CallManager Express	=3.3\(5\)
Cisco CallManager Express	=4.1\(3\)sr1
Cisco CallManager Express	=3.3\(3\)es61
Cisco CallManager Express	=3.3\(4\)es25
Cisco CallManager Express	=3.3\(5\)es30
Cisco CallManager Express	=3.2
Cisco CallManager Express	=3.1\(2\)
Cisco CallManager Express	=4.0\(2a\)es40
Cisco CallManager Express	=3.3
Cisco CallManager Express	=2.0
Cisco CallManager Express	=4.1\(2\)es55
Cisco CallManager Express	=4.0\(2a\)es62
Cisco CallManager Express	=3.1
Cisco CallManager Express
Cisco CallManager Express	=4.0
Cisco CallManager Express	=4.1\(2\)es33
Cisco CallManager Express	=3.3\(3\)
Cisco CallManager Express	=4.0\(2a\)sr2b

Remedy

http://secunia.com/advisories/18494

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-0368?
CVE-2006-0368 is classified as a critical vulnerability due to its potential to cause denial of service attacks.
How do I fix CVE-2006-0368?
To mitigate CVE-2006-0368, upgrade to a fixed version of Cisco CallManager, specifically 3.3(5)SR1 or later, and follow Cisco's security guidance.
What are the impacts of CVE-2006-0368 on affected systems?
The impacts of CVE-2006-0368 include high CPU and memory consumption leading to service interruptions and potential downtime for Cisco CallManager.
Which versions of Cisco CallManager are affected by CVE-2006-0368?
CVE-2006-0368 affects Cisco CallManager versions 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2.
Can CVE-2006-0368 be exploited remotely?
Yes, CVE-2006-0368 can be exploited remotely by attackers through a large number of open TCP connections to port 2000.

agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/remedy
agent/weakness
agent/author
agent/severity
agent/references
agent/event
agent/description
agent/first-publish-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/cisco
canonical/cisco callmanager express
version/cisco callmanager express/4.1\(3\)es07
version/cisco callmanager express/3.0
version/cisco callmanager express/3.1\(3a\)
version/cisco callmanager express/4.1\(3\)es32
version/cisco callmanager express/1.0
version/cisco callmanager express/3.3\(5\)
version/cisco callmanager express/4.1\(3\)sr1
version/cisco callmanager express/3.3\(3\)es61
version/cisco callmanager express/3.3\(4\)es25
version/cisco callmanager express/3.3\(5\)es30
version/cisco callmanager express/3.2
version/cisco callmanager express/3.1\(2\)
version/cisco callmanager express/4.0\(2a\)es40
version/cisco callmanager express/3.3
version/cisco callmanager express/2.0
version/cisco callmanager express/4.1\(2\)es55
version/cisco callmanager express/4.0\(2a\)es62
version/cisco callmanager express/3.1
version/cisco callmanager express/4.0
version/cisco callmanager express/4.1\(2\)es33
version/cisco callmanager express/3.3\(3\)
version/cisco callmanager express/4.0\(2a\)sr2b