What is the severity of CVE-2009-2864?

CVE-2009-2864 has a high severity rating due to its potential to cause a denial of service through malformed SIP messages.

How do I fix CVE-2009-2864?

To fix CVE-2009-2864, upgrade to the patched versions of Cisco Unified Communications Manager specified in the security advisory.

What versions of Cisco Unified Communications Manager are affected by CVE-2009-2864?

CVE-2009-2864 affects Cisco Unified Communications Manager versions 5.x prior to 5.1(3g), 6.x prior to 6.1(4), and 7.0.x prior to 7.0(2a)su1.

How can CVE-2009-2864 be exploited?

CVE-2009-2864 can be exploited by remote attackers sending specially crafted SIP messages to the affected Cisco devices.

Is there a known patch for CVE-2009-2864?

Yes, Cisco provides specific patches for CVE-2009-2864 within the advised versions of their Unified Communications Manager software.

Vulnerability/
CVE-2009-2864

high

7.8

CWE

NVD-CWE-Other

28/9/2009

7/8/2024

CVE-2009-2864

First published: Mon Sep 28 2009(Updated: )

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco CallManager Express	=5.0\(1\)
Cisco CallManager Express	=5.0\(2\)
Cisco CallManager Express	=5.0\(2a\)
Cisco CallManager Express	=5.0\(3\)
Cisco CallManager Express	=5.0\(3a\)
Cisco CallManager Express	=5.0\(4\)
Cisco CallManager Express	=5.0\(4a\)
Cisco CallManager Express	=5.0\(4c\)
Cisco CallManager Express	=5.1
Cisco CallManager Express	=5.1\(1\)
Cisco CallManager Express	=5.1\(1a\)
Cisco CallManager Express	=5.1\(1c\)
Cisco CallManager Express	=5.1\(2\)
Cisco CallManager Express	=5.1\(2a\)
Cisco CallManager Express	=5.1\(2b\)
Cisco CallManager Express	=5.1\(3\)
Cisco CallManager Express	=5.1\(3a\)
Cisco CallManager Express	=5.1\(3b\)
Cisco CallManager Express	=5.1\(3c\)
Cisco CallManager Express	=6.0\(1\)
Cisco CallManager Express	=6.0\(1a\)
Cisco CallManager Express	=6.0\(1b\)
Cisco CallManager Express	=6.1
Cisco CallManager Express	=6.1\(1\)
Cisco CallManager Express	=6.1\(1a\)
Cisco CallManager Express	=6.1\(1b\)
Cisco CallManager Express	=6.1\(2\)
Cisco Unified Communications Manager	=5.1\(1b\)
Cisco Unified Communications Manager	=5.1\(1c\)
Cisco Unified Communications Manager	=5.1\(2\)
Cisco Unified Communications Manager	=5.1\(2a\)
Cisco Unified Communications Manager	=5.1\(3\)
Cisco Unified Communications Manager	=5.1\(3a\)
Cisco Unified Communications Manager	=5.1\(3c\)
Cisco Unified Communications Manager	=5.1\(3d\)
Cisco Unified Communications Manager	=5.1\(3e\)
Cisco Unified Communications Manager	=6.1\(1\)
Cisco Unified Communications Manager	=6.1\(1a\)
Cisco Unified Communications Manager	=6.1\(1b\)
Cisco Unified Communications Manager	=6.1\(2\)
Cisco Unified Communications Manager	=6.1\(2\)su1
Cisco Unified Communications Manager	=6.1\(2\)su1a
Cisco Unified Communications Manager	=6.1\(3\)
Cisco Unified Communications Manager	=7.0\(1\)
Cisco Unified Communications Manager	=7.0\(2\)
Cisco Unified Communications Manager	=7.1

Remedy

http://tools.cisco.com/security/center/viewAlert.x?alertId=18883

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-2864?
CVE-2009-2864 has a high severity rating due to its potential to cause a denial of service through malformed SIP messages.
How do I fix CVE-2009-2864?
To fix CVE-2009-2864, upgrade to the patched versions of Cisco Unified Communications Manager specified in the security advisory.
What versions of Cisco Unified Communications Manager are affected by CVE-2009-2864?
CVE-2009-2864 affects Cisco Unified Communications Manager versions 5.x prior to 5.1(3g), 6.x prior to 6.1(4), and 7.0.x prior to 7.0(2a)su1.
How can CVE-2009-2864 be exploited?
CVE-2009-2864 can be exploited by remote attackers sending specially crafted SIP messages to the affected Cisco devices.
Is there a known patch for CVE-2009-2864?
Yes, Cisco provides specific patches for CVE-2009-2864 within the advised versions of their Unified Communications Manager software.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/remedy
agent/severity
agent/author
agent/description
agent/first-publish-date
agent/event
agent/softwarecombine
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/cisco
canonical/cisco callmanager express
version/cisco callmanager express/5.0\(1\)
version/cisco callmanager express/5.0\(2\)
version/cisco callmanager express/5.0\(2a\)
version/cisco callmanager express/5.0\(3\)
version/cisco callmanager express/5.0\(3a\)
version/cisco callmanager express/5.0\(4\)
version/cisco callmanager express/5.0\(4a\)
version/cisco callmanager express/5.0\(4c\)
version/cisco callmanager express/5.1
version/cisco callmanager express/5.1\(1\)
version/cisco callmanager express/5.1\(1a\)
version/cisco callmanager express/5.1\(1c\)
version/cisco callmanager express/5.1\(2\)
version/cisco callmanager express/5.1\(2a\)
version/cisco callmanager express/5.1\(2b\)
version/cisco callmanager express/5.1\(3\)
version/cisco callmanager express/5.1\(3a\)
version/cisco callmanager express/5.1\(3b\)
version/cisco callmanager express/5.1\(3c\)
version/cisco callmanager express/6.0\(1\)
version/cisco callmanager express/6.0\(1a\)
version/cisco callmanager express/6.0\(1b\)
version/cisco callmanager express/6.1
version/cisco callmanager express/6.1\(1\)
version/cisco callmanager express/6.1\(1a\)
version/cisco callmanager express/6.1\(1b\)
version/cisco callmanager express/6.1\(2\)
canonical/cisco unified communications manager
version/cisco unified communications manager/5.1\(1b\)
version/cisco unified communications manager/5.1\(1c\)
version/cisco unified communications manager/5.1\(2\)
version/cisco unified communications manager/5.1\(2a\)
version/cisco unified communications manager/5.1\(3\)
version/cisco unified communications manager/5.1\(3a\)
version/cisco unified communications manager/5.1\(3c\)
version/cisco unified communications manager/5.1\(3d\)
version/cisco unified communications manager/5.1\(3e\)
version/cisco unified communications manager/6.1\(1\)
version/cisco unified communications manager/6.1\(1a\)
version/cisco unified communications manager/6.1\(1b\)
version/cisco unified communications manager/6.1\(2\)
version/cisco unified communications manager/6.1\(2\)su1
version/cisco unified communications manager/6.1\(2\)su1a
version/cisco unified communications manager/6.1\(3\)
version/cisco unified communications manager/7.0\(1\)
version/cisco unified communications manager/7.0\(2\)
version/cisco unified communications manager/7.1