CVE-2009-2051
First published: Thu Aug 27 2009(Updated: )
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS | >=12.2<=12.4 | |
| Cisco Unified Communications Manager Session Management Edition | >=6.1\(1\)<6.1\(4\) | |
| Cisco Unified Communications Manager Session Management Edition | >=5.0<5.1\(3g\) | |
| Cisco Unified Communications Manager Session Management Edition | >=7.1<7.1\(2\) | |
| Cisco IOS XE | >=2.5.0<=2.6.1 | |
| Cisco IOS | >=15.0<=15.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/36152
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml
- http://osvdb.org/57453
- http://www.securitytracker.com/id?1022775
- http://secunia.com/advisories/36499
- http://secunia.com/advisories/36498
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml
Frequently Asked Questions
What is the severity of CVE-2009-2051?
CVE-2009-2051 is classified as a high severity vulnerability due to its potential to cause a denial of service.
How do I fix CVE-2009-2051?
To fix CVE-2009-2051, update the affected Cisco IOS or Unified Communications Manager to a version that patches this vulnerability.
What types of devices are affected by CVE-2009-2051?
CVE-2009-2051 affects several versions of Cisco IOS, Cisco IOS XE, and Cisco Unified Communications Manager.
Can CVE-2009-2051 be exploited remotely?
Yes, CVE-2009-2051 can be exploited by remote attackers to trigger a device reload.
What versions of Cisco IOS are impacted by CVE-2009-2051?
CVE-2009-2051 impacts Cisco IOS versions 12.2 through 12.4 and 15.0 through 15.1.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/severity
- agent/remedy
- agent/author
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cisco
- canonical/cisco ios
- version/cisco ios/12.2
- version/cisco ios/12.4
- canonical/cisco unified communications manager session management edition
- version/cisco unified communications manager session management edition/6.1\(1\)
- version/cisco unified communications manager session management edition/5.0
- version/cisco unified communications manager session management edition/7.1
- canonical/cisco ios xe
- version/cisco ios xe/2.5.0
- version/cisco ios xe/2.6.1
- version/cisco ios/15.0
- version/cisco ios/15.1