CVE-2009-0057: Input Validation
First published: Thu Jan 22 2009(Updated: )
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the "client terminates prematurely."
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Communications Manager | =5.0_4 | |
| Cisco Unified Communications Manager | =5.1\(3c\) | |
| Cisco Unified Communications Manager | =6.1\(2\) | |
| Cisco Unified Communications Manager | =6.1.0 | |
| Cisco Unified Communications Manager | =5.1-\(1\) | |
| Cisco Unified Communications Manager | =5.1_3a | |
| Cisco Unified Communications Manager | =5.0_4a | |
| Cisco Unified Communications Manager | =5.1\(2\) | |
| Cisco Unified Communications Manager | =5.1-5.1\(1\) | |
| Cisco Unified Communications Manager | =5.0 | |
| Cisco Unified Communications Manager | =6.1-\(1a\) | |
| Cisco Unified Communications Manager | =5.1-\(2\) | |
| Cisco Unified Communications Manager | =5.0_1 | |
| Cisco Unified Communications Manager | =6.1 | |
| Cisco Unified Communications Manager | =5.1-\(2a\) | |
| Cisco Unified Communications Manager | =5.1_2a | |
| Cisco Unified Communications Manager | =5.0_4a_su1 | |
| Cisco Unified Communications Manager | =5.1-5.1_\(2a\) | |
| Cisco Unified Communications Manager | =6.1_1a | |
| Cisco Unified Communications Manager | =5.1.2 | |
| Cisco Unified Communications Manager | =5.1-\(3a\) | |
| Cisco Unified Communications Manager | =5.1_2b | |
| Cisco Unified Communications Manager | =5.0_3a | |
| Cisco Unified Communications Manager | =5.1_\(2a\) | |
| Cisco Unified Communications Manager | =6.0-\(1a\) | |
| Cisco Unified Communications Manager | =5.0_3 | |
| Cisco Unified Communications Manager | =5.1\(1\) | |
| Cisco Unified Communications Manager | =6.0-\(1\) | |
| Cisco Unified Communications Manager | =5.0_2 | |
| Cisco Unified Communications Manager | =5.1_2 | |
| Cisco Unified Communications Manager | =6.0_1 | |
| Cisco Unified Communications Manager | =5.1-\(2b\) | |
| Cisco Unified Communications Manager | =6.0 | |
| Cisco Unified Communications Manager | =5.1 | |
| Cisco Unified Communications Manager | =6.0_1a | |
| Cisco Unified Communications Manager | =5.1_1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/33379
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080a61928.shtml
- http://www.securitytracker.com/id?1021620
- http://secunia.com/advisories/33588
- http://www.vupen.com/english/advisories/2009/0213
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48139
Frequently Asked Questions
What is the severity of CVE-2009-0057?
CVE-2009-0057 has been rated as a high severity vulnerability due to its potential to cause a denial of service.
How do I fix CVE-2009-0057?
To fix CVE-2009-0057, upgrade your Cisco Unified Communications Manager to version 5.1(3e) or later if you are running 5.x, or to version 6.1(3) or later if you are running 6.x.
What systems are affected by CVE-2009-0057?
CVE-2009-0057 affects Cisco Unified Communications Manager versions 5.x and 6.x prior to the specified patches.
What kind of attacks can exploit CVE-2009-0057?
CVE-2009-0057 can be exploited by sending malformed input over a TCP session, leading to a voice service outage.
Is there a workaround for CVE-2009-0057?
There is no official workaround for CVE-2009-0057; users are advised to apply the software updates to mitigate the risk.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/description
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/trending
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/tags
- agent/source
- vendor/cisco
- canonical/cisco unified communications manager
- version/cisco unified communications manager/5.0_4
- version/cisco unified communications manager/5.1\(3c\)
- version/cisco unified communications manager/6.1\(2\)
- version/cisco unified communications manager/6.1.0
- version/cisco unified communications manager/5.1-\(1\)
- version/cisco unified communications manager/5.1_3a
- version/cisco unified communications manager/5.0_4a
- version/cisco unified communications manager/5.1\(2\)
- version/cisco unified communications manager/5.1-5.1\(1\)
- version/cisco unified communications manager/5.0
- version/cisco unified communications manager/6.1-\(1a\)
- version/cisco unified communications manager/5.1-\(2\)
- version/cisco unified communications manager/5.0_1
- version/cisco unified communications manager/6.1
- version/cisco unified communications manager/5.1-\(2a\)
- version/cisco unified communications manager/5.1_2a
- version/cisco unified communications manager/5.0_4a_su1
- version/cisco unified communications manager/5.1-5.1_\(2a\)
- version/cisco unified communications manager/6.1_1a
- version/cisco unified communications manager/5.1.2
- version/cisco unified communications manager/5.1-\(3a\)
- version/cisco unified communications manager/5.1_2b
- version/cisco unified communications manager/5.0_3a
- version/cisco unified communications manager/5.1_\(2a\)
- version/cisco unified communications manager/6.0-\(1a\)
- version/cisco unified communications manager/5.0_3
- version/cisco unified communications manager/5.1\(1\)
- version/cisco unified communications manager/6.0-\(1\)
- version/cisco unified communications manager/5.0_2
- version/cisco unified communications manager/5.1_2
- version/cisco unified communications manager/6.0_1
- version/cisco unified communications manager/5.1-\(2b\)
- version/cisco unified communications manager/6.0
- version/cisco unified communications manager/5.1
- version/cisco unified communications manager/6.0_1a
- version/cisco unified communications manager/5.1_1