{
  "GSD": {
    "alias": "CVE-2010-0591",
    "description": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362.",
    "id": "GSD-2010-0591"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-0591"
      ],
      "details": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362.",
      "id": "GSD-2010-0591",
      "modified": "2023-12-13T01:21:28.541129Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2010-0591",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1023670",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1023670"
          },
          {
            "name": "20100303 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml"
          },
          {
            "name": "38498",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/38498"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:6.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2010-0591"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "38498",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/38498"
            },
            {
              "name": "1023670",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1023670"
            },
            {
              "name": "20100303 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2010-03-05T21:43Z",
      "publishedDate": "2010-03-05T16:30Z"
    }
  }
}

{
  "affected": [],
  "aliases": [
    "CVE-2010-0591"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-03-05T16:30:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362.",
  "id": "GHSA-p388-jxx8-mrh3",
  "modified": "2022-05-02T06:13:56Z",
  "published": "2022-05-02T06:13:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0591"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1023670"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/38498"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "819AE879-5BF9-494E-8905-1E1E867EB5A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C2DF1139-A161-48DD-9929-F6939D626461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FF99088E-1330-4E15-8BD3-2A5172FBA460",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BC6EF34-D23D-45CA-A907-A47993CC061E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "958A2707-0F1A-4719-BB9F-DC9ED129105A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "48A8EE9A-458D-4619-B04D-F01A9934DC11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "597D9674-F44D-4A31-A2F2-2790ED698A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BE122F76-ECDB-4446-825C-EF02257D8C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "42F3870B-5DE9-4E3E-BEA7-863916DD45DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F2564A8-5805-46E0-B6EC-F4967D67C566",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D0907FAF-8334-42C1-B35A-EC6ED89AC110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77979322-F060-4DD4-A6F2-B1157664C0FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "248E4608-B870-4913-8048-3771685CBD77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362."
    },
    {
      "lang": "es",
      "value": "Cisco Unified Communications Manager (tambi\u00e9n conocido como CUCM, anteriormente CallManager) v6.x anteriores a v6.1(5), v7.x anteriores a v7.1(3b)SU2, y v8.x anteriores a v8.0(1) permite a atacantes remotos producir una denegaci\u00f3n de servicio (fallo de proceso) a trav\u00e9s de un mensaje SIP REG malformado, relacionado con un desbordamiento del campo \"Telephone-URL\", tambi\u00e9n conocido como Bug ID CSCtc62362."
    }
  ],
  "id": "CVE-2010-0591",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-03-05T16:30:00.833",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://securitytracker.com/id?1023670"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/38498"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023670"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/38498"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Unified Communications Manager versions 6.x ;",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager versions 5.x ;",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager versions 4.x ;",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager versions 7.x.",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Cisco Unified\nCommunications Manager (autrefois appel\u00e9 Cisco CallManager). Elles\naffectent les services Session Initiation Protocol (SIP), Skinny Client\nControl Protocol (SCCP) et Computer Telephony Integration (CTI), et\npermettent de r\u00e9aliser un d\u00e9ni de service \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0587"
    },
    {
      "name": "CVE-2010-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0591"
    },
    {
      "name": "CVE-2010-0588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0588"
    },
    {
      "name": "CVE-2010-0592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0592"
    },
    {
      "name": "CVE-2010-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0590"
    }
  ],
  "initial_release_date": "2010-03-04T00:00:00",
  "last_revision_date": "2010-03-04T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20100303-cucm du 03 mars 2010 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20100303-cucm.shtml"
    }
  ],
  "reference": "CERTA-2010-AVI-103",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eCisco Unified\nCommunications Manager\u003c/span\u003e permettent de r\u00e9aliser un d\u00e9ni de service\n\u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Unified Communications Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 cisco-sa-20100303-cucm du 03 mars 2010",
      "url": null
    }
  ]
}

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201003-0254",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.1\\(1\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.1.0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.1\\(1a\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.1\\(1b\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.1\\(2\\)su1"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.1\\(3\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.1\\(4\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.1\\(2\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.1\\(2\\)su1a"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.0\\(1\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.0\\(2\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(1\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(1a\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.0"
      },
      {
        "model": "unified communications manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.x"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.1(3b)su2"
      },
      {
        "model": "unified communications manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.x"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.0(1)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.1(5)"
      },
      {
        "model": "unified communications manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.x"
      },
      {
        "model": "unified communications manager su1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.0(0.98000.106)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1(2)"
      },
      {
        "model": "unified communications manager 7.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified communications manager 7.0 su1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0(2)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(4)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(3)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(2)"
      },
      {
        "model": "unified communications manager 6.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(1)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(1)"
      },
      {
        "model": "unified communications manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0(1)"
      },
      {
        "model": "unified communications manager 7.1 su1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(5)"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "38498"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003834"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0591"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:unified_communications_manager",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003834"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Security bulletin",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-081"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2010-0591",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2010-0591",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-43196",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2010-0591",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2010-0591",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201003-081",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-43196",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43196"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003834"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0591"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362. Cisco Unified Communications Manager is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause an interruption in voice services, denying service to legitimate users. \nThis issue is tracked by Cisco Bug ID CSCtc62362. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nCisco Security Advisory: Cisco Unified Communications Manager Denial\nof Service Vulnerabilities\n\nAdvisory ID: cisco-sa-20100303-cucm\n\nRevision 1.0\n\nFor Public Release 2010 March 3 1600 UTC (GMT)\n\n+---------------------------------------------------------------------\n\nSummary\n=======\n\nCisco Unified Communications Manager (formerly Cisco CallManager)\ncontains multiple denial of service (DoS) vulnerabilities that if\nexploited could cause an interruption of voice services. The Session\nInitiation Protocol (SIP), Skinny Client Control Protocol (SCCP) and\nComputer Telephony Integration (CTI) Manager services are affected by\nthese vulnerabilities. \nThere is a workaround for of one the vulnerabilities. No other Cisco products are currently known to be\naffected by these vulnerabilities. \n\nDetails\n=======\n\nCisco Unified Communications Manager is the call processing component\nof the Cisco IP Telephony solution that extends enterprise telephony\nfeatures and functions to packet telephony network devices, such as\nIP phones, media processing devices, VoIP gateways, and multimedia\napplications. Each vulnerability is\ntriggered by a malformed SCCP message that could cause a critical\nprocess to fail, which could result in the disruption of voice\nservices. All SCCP ports (TCP ports 2000 and 2443) are affected. \n\nMalformed SIP Message Vulnerabilities\n+------------------------------------\n\nCisco Unified Communications Manager contains two DoS vulnerabilities\nthat involve the processing of SIP messages. All SIP ports (TCP ports 5060 and 5061, UDP ports 5060 and\n5061) are affected. A malformed message sent to the CTI\nManager service port (TCP 2748) could cause the CTI Manager service\nto fail, which could result in the interruption of CTI applications. \nThe CTI Manager service is disabled by default. \n\nVulnerability Scoring Details\n=============================\n\nCisco has provided scores for the vulnerabilities in this advisory\nbased on the Common Vulnerability Scoring System (CVSS). The CVSS\nscoring in this Security Advisory is done in accordance with CVSS\nversion 2.0. \n\nCVSS is a standards-based scoring method that conveys vulnerability\nseverity and helps determine urgency and priority of response. \n\nCisco has provided a base and temporal score. Customers can then\ncompute environmental scores to assist in determining the impact of\nthe vulnerability in individual networks. \n\nCisco has provided an FAQ to answer additional questions regarding\nCVSS at:\n\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\n\nCisco has also provided a CVSS calculator to help compute the\nenvironmental impact for individual networks at:\n\nhttp://intellishield.cisco.com/security/alertmanager/cvss\n\nCSCtc38985 - CCM Coredump on SCCP StationCapabilitiesRes Message with MaxCap Exceeded\n\nCVSS Base Score - 7.8\n\nAccess Vector           - Network\nAccess Complexity       - Low\nAuthentication          - None\nConfidentiality Impact  - None\nIntegrity Impact        - None\nAvailability Impact     - Complete\n\nCVSS Temporal Score - 6.4\n\nExploitability          - Functional\nRemediation Level       - Official-Fix\nReport Confidence       - Confirmed\n\nCSCtc47823 - CCM Core at invalid Line# in SCCP RegAvailableLines and FwdStatReq\n\nCVSS Base Score - 7.8\n\nAccess Vector           - Network\nAccess Complexity       - Low\nAuthentication          - None\nConfidentiality Impact  - None\nIntegrity Impact        - None\nAvailability Impact     - Complete\n\nCVSS Temporal Score - 6.4\n\nExploitability          - Functional\nRemediation Level       - Official-Fix\nReport Confidence       - Confirmed\n\nCSCtc37188 - CMSIPUtility Coredump on Fuzzed Register Message\n\nCVSS Base Score - 7.8\n\nAccess Vector           - Network\nAccess Complexity       - Low\nAuthentication          - None\nConfidentiality Impact  - None\nIntegrity Impact        - None\nAvailability Impact     - Complete\n\nCVSS Temporal Score - 6.4\n\nExploitability          - Functional\nRemediation Level       - Official-Fix\nReport Confidence       - Confirmed\n\nCSCtc62362 - CCM Coredump on Overflow of Field Telephone-URL in REG Msg\n\n\nCVSS Base Score - 7.8\n\nAccess Vector           - Network\nAccess Complexity       - Low\nAuthentication          - None\nConfidentiality Impact  - None\nIntegrity Impact        - None\nAvailability Impact     - Complete\n\nCVSS Temporal Score - 6.4\n\nExploitability          - Functional\nRemediation Level       - Official-Fix\nReport Confidence       - Confirmed\n\nCSCsu31800 - CTI crash with invalid packet\n\nCVSS Base Score - 7.8\n\nAccess Vector           - Network\nAccess Complexity       - Low\nAuthentication          - None\nConfidentiality Impact  - None\nIntegrity Impact        - None\nAvailability Impact     - Complete\n\nCVSS Temporal Score - 6.4\n\nExploitability          - Functional\nRemediation Level       - Official-Fix\nReport Confidence       - Confirmed\n\nImpact\n======\n\nSuccessful exploitation of the vulnerabilities that are described in\nthis advisory could result in the interruption of voice services. \n\nSoftware Versions and Fixes\n===========================\n\nWhen considering software upgrades, also consult:\n\nhttp://www.cisco.com/go/psirt\n\nand any subsequent advisories to determine exposure and a\ncomplete upgrade solution. \n\nIn all cases, customers should exercise caution to be certain the\ndevices to be upgraded contain sufficient memory and that current\nhardware and software configurations will continue to be supported\nproperly by the new release. If the information is not clear, contact\nthe Cisco Technical Assistance Center (TAC) or your contracted\nmaintenance provider for assistance.                |\n|----------------+----------------------|\n| 6.x            | 6.1(5)               |\n|----------------+----------------------|\n| 7.x            | 7.1(3b)SU2           |\n|----------------+----------------------|\n|                | Cisco Unified        |\n|                | Communications       |\n|                | Manager version 8.0  |\n|                | (1) was distributed  |\n| 8.x            | with software fixes  |\n|                | for all the          |\n|                | vulnerabilities that |\n|                | are described in     |\n|                | this advisory.       |\n+---------------------------------------+\n\nCisco Unified Communications Manager software version 4.3(2)SR2 can\nbe downloaded at the following link:\n\nhttp://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=Unified+Communications+Manager+Updates\u0026mdfid=280771554\u0026treeName=Voice+and+Unified+Communications\u0026mdfLevel=Software%20Version/Option\u0026url=null\u0026modelName=Cisco+Unified+Communications+Manager+Version+4.3\u0026isPlatform=N\u0026treeMdfId=278875240\u0026modifmdfid=null\u0026imname=\u0026hybrid=Y\u0026imst=N\n\nCisco Unified Communications Manager software version 6.1(5) can be\ndownloaded at the following link:\n\nhttp://tools.cisco.com/support/downloads/go/ReleaseType.x?optPlat=\u0026isPlatform=Y\u0026mdfid=281023410\u0026sftType=Unified+Communications+Manager+Updates\u0026treeName=Voice+and+Unified+Communications\u0026modelName=Cisco+Unified+Communications+Manager+Version+6.1\u0026mdfLevel=Software%20Version/Option\u0026treeMdfId=278875240\u0026modifmdfid=null\u0026imname=\u0026hybrid=Y\u0026imst=N\n\nCisco Unified Communications Manager software version 7.1(3b)SU2 can\nbe downloaded at the following link:\n\nhttp://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=Unified+Communications+Manager+Updates\u0026mdfid=282421166\u0026treeName=Voice+and+Unified+Communications\u0026mdfLevel=Software%20Version/Option\u0026url=null\u0026modelName=Cisco+Unified+Communications+Manager+Version+7.1\u0026isPlatform=N\u0026treeMdfId=278875240\u0026modifmdfid=null\u0026imname=\u0026hybrid=Y\u0026imst=N\n\nWorkarounds\n===========\n\nAdministrators can mitigate the SCCP- and SIP-related vulnerabilities\nby implementing filtering on screening devices to permit access to\nTCP ports 2000 and 2443, and TCP and UDP ports 5060 and 5061 only\nfrom networks that require SCCP and SIP access to Cisco Unified\nCommunications Manager appliances. \n\nIt is possible to mitigate the CTI Manager vulnerability by disabling\nthe CTI Manager service t is not necessary; however, this workaround\nwill interrupt applications that reply on the CTI Manager service. \nAdministrators can also mitigate the vulnerability by implementing\nfiltering on screening devices to permit access to TCP port 2748 only\nfrom networks that require access to the CTI Manager service. Please\nconsult the following documentation for details on disabling Cisco\nUnified Communications Manager services:\n\nhttp://www.cisco.com/en/US/docs/voice_ip_comm/cucm/service/6_0_1/admin/sasrvact.html#wp1048390\n\nAdditional mitigation techniques that can be deployed on Cisco\ndevices within the network are available in the Cisco Applied\nMitigation Bulletin companion document for this advisory:\n\nhttp://www.cisco.com/warp/public/707/cisco-amb-20100303-cucm.shtml\n\nObtaining Fixed Software\n========================\n\nCisco has released free software updates that address these\nvulnerabilities. Prior to deploying software, customers should\nconsult their maintenance provider or check the software for feature\nset compatibility and known issues specific to their environment. \n\nCustomers may only install and expect support for the feature sets\nthey have purchased. By installing, downloading, accessing or\notherwise using such software upgrades, customers agree to be bound\nby the terms of Cisco\u0027s software license terms found at:\n\nhttp://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html\n\nor as otherwise set forth at Cisco.com Downloads at:\n\nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml\n\nDo not contact psirt@cisco.com or security-alert@cisco.com for\nsoftware upgrades. \n\nCustomers with Service Contracts\n+-------------------------------\n\nCustomers with contracts should obtain upgraded software through\ntheir regular update channels. For most customers, this means that\nupgrades should be obtained through the Software Center on Cisco\u0027s\nworldwide website at http://www.cisco.com. \n\nCustomers using Third Party Support Organizations\n+------------------------------------------------\n\nCustomers whose Cisco products are provided or maintained through\nprior or existing agreements with third-party support organizations,\nsuch as Cisco Partners, authorized resellers, or service providers\nshould contact that support organization for guidance and assistance\nwith the appropriate course of action in regards to this advisory. \n\nThe effectiveness of any workaround or fix is dependent on specific\ncustomer situations, such as product mix, network topology, traffic\nbehavior, and organizational mission. Due to the variety of affected\nproducts and releases, customers should consult with their service\nprovider or support organization to ensure any applied workaround or\nfix is the most appropriate for use in the intended network before it\nis deployed. \n\nCustomers without Service Contracts\n+----------------------------------\n\nCustomers who purchase direct from Cisco but do not hold a Cisco\nservice contract, and customers who purchase through third-party\nvendors but are unsuccessful in obtaining fixed software through\ntheir point of sale should acquire upgrades by contacting the Cisco\nTechnical Assistance Center (TAC). TAC contacts are as follows. \n\n  * +1 800 553 2447 (toll free from within North America)\n  * +1 408 526 7209 (toll call from anywhere in the world)\n  * e-mail: tac@cisco.com\n\nCustomers should have their product serial number available and be\nprepared to give the URL of this notice as evidence of entitlement to\na free upgrade. Free upgrades for non-contract customers must be\nrequested through the TAC. \n\nRefer to:\n\nhttp://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html\n\nfor additional TAC contact information, including localized telephone\nnumbers, and instructions and e-mail addresses for use in various\nlanguages. \n\nExploitation and Public Announcements\n=====================================\n\nThe Cisco PSIRT is not aware of any public announcements or malicious\nuse of the vulnerabilities described in this advisory. Cisco would like to thank Sipera\nVIPER Lab team for reporting this vulnerability to us and for working\nwith us on a coordinated disclosure. \n\nAll other vulnerabilities described in this advisory were discovered\nas a result of internal testing conducted by Cisco. \n\nStatus of this Notice: FINAL\n============================\n\nTHIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY\nKIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\nDOCUMENT AT ANY TIME. \n\nA stand-alone copy or Paraphrase of the text of this document that\nomits the distribution URL in the following section is an\nuncontrolled copy, and may lack important information or contain\nfactual errors. \n\nDistribution\n============\n\nThis advisory is posted on Cisco\u0027s worldwide website at:\n\nhttp://www.cisco.com/warp/public/707/cisco-sa-20100303-cucm.shtml\n\nIn addition to worldwide web posting, a text version of this notice\nis clear-signed with the Cisco PSIRT PGP key and is posted to the\nfollowing e-mail and Usenet news recipients. \n\n  * cust-security-announce@cisco.com\n  * first-bulletins@lists.first.org\n  * bugtraq@securityfocus.com\n  * vulnwatch@vulnwatch.org\n  * cisco@spot.colorado.edu\n  * cisco-nsp@puck.nether.net\n  * full-disclosure@lists.grok.org.uk\n  * comp.dcom.sys.cisco@newsgate.cisco.com\n\nFuture updates of this advisory, if any, will be placed on Cisco\u0027s\nworldwide website, but may or may not be actively announced on\nmailing lists or newsgroups. Users concerned about this problem are\nencouraged to check the above URL for any updates. \n\nRevision History\n================\n\n+---------------------------------------+\n| Revision |               | Initial    |\n| 1.0      | 2010-March-03 | public     |\n|          |               | release    |\n+---------------------------------------+\n\nCisco Security Procedures\n=========================\n\nComplete information on reporting security vulnerabilities in Cisco\nproducts, obtaining assistance with security incidents, and\nregistering to receive security information from Cisco, is available\non Cisco\u0027s worldwide website at:\n\nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html\n\nThis includes instructions for press inquiries regarding Cisco security\nnotices. All Cisco security advisories are available at:\n\nhttp://www.cisco.com/go/psirt\n-----BEGIN PGP SIGNATURE-----\n\niD8DBQFLjfPv86n/Gc8U/uARAg+/AJ9olaRLtbZpQgpUAlbntFXazT9xFQCfR3js\nJuXvX7dKZb3f9AwRnZJ0B4E=\n=WqCm\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-0591"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003834"
      },
      {
        "db": "BID",
        "id": "38498"
      },
      {
        "db": "VULHUB",
        "id": "VHN-43196"
      },
      {
        "db": "PACKETSTORM",
        "id": "86870"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-0591",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "38498",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1023670",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003834",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-081",
        "trust": 0.7
      },
      {
        "db": "CISCO",
        "id": "20100303 CISCO UNIFIED COMMUNICATIONS MANAGER DENIAL OF SERVICE VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "14577",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-43196",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "86870",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43196"
      },
      {
        "db": "BID",
        "id": "38498"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003834"
      },
      {
        "db": "PACKETSTORM",
        "id": "86870"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0591"
      }
    ]
  },
  "id": "VAR-201003-0254",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43196"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:56:23.802000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20100303-cucm",
        "trust": 0.8,
        "url": "http://www.cisco.com/en/US/products/csa/cisco-sa-20100303-cucm.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003834"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003834"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0591"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/38498"
      },
      {
        "trust": 1.7,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080b1b924.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1023670"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0591"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0591"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/14577"
      },
      {
        "trust": 0.4,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20100303-cucm.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/sw/voicesw/ps556/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/509834"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-amb-20100303-cucm.shtml"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/go/psirt"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/en/us/docs/general/warranty/english/eu1ken_.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/support/downloads/go/platformlist.x?sfttype=unified+communications+manager+updates\u0026mdfid=282421166\u0026treename=voice+and+unified+communications\u0026mdflevel=software%20version/option\u0026url=null\u0026modelname=cisco+unified+communications+manager+version+7.1\u0026isplatform=n\u0026treemdfid=278875240\u0026modifmdfid=null\u0026imname=\u0026hybrid=y\u0026imst=n"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/support/downloads/go/releasetype.x?optplat=\u0026isplatform=y\u0026mdfid=281023410\u0026sfttype=unified+communications+manager+updates\u0026treename=voice+and+unified+communications\u0026modelname=cisco+unified+communications+manager+version+6.1\u0026mdflevel=software%20version/option\u0026treemdfid=278875240\u0026modifmdfid=null\u0026imname=\u0026hybrid=y\u0026imst=n"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/en/us/support/tsd_cisco_worldwide_contacts.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/public/sw-center/sw-usingswc.shtml"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0590"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/en/us/docs/voice_ip_comm/cucm/service/6_0_1/admin/sasrvact.html#wp1048390"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0591"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0588"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0587"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/en/us/products/products_security_vulnerability_policy.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0592"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/support/downloads/go/platformlist.x?sfttype=unified+communications+manager+updates\u0026mdfid=280771554\u0026treename=voice+and+unified+communications\u0026mdflevel=software%20version/option\u0026url=null\u0026modelname=cisco+unified+communications+manager+version+4.3\u0026isplatform=n\u0026treemdfid=278875240\u0026modifmdfid=null\u0026imname=\u0026hybrid=y\u0026imst=n"
      },
      {
        "trust": 0.1,
        "url": "http://intellishield.cisco.com/security/alertmanager/cvss"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43196"
      },
      {
        "db": "BID",
        "id": "38498"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003834"
      },
      {
        "db": "PACKETSTORM",
        "id": "86870"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0591"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-43196"
      },
      {
        "db": "BID",
        "id": "38498"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003834"
      },
      {
        "db": "PACKETSTORM",
        "id": "86870"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0591"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-03-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-43196"
      },
      {
        "date": "2010-03-03T00:00:00",
        "db": "BID",
        "id": "38498"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-003834"
      },
      {
        "date": "2010-03-03T21:18:25",
        "db": "PACKETSTORM",
        "id": "86870"
      },
      {
        "date": "2010-03-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201003-081"
      },
      {
        "date": "2010-03-05T16:30:00.833000",
        "db": "NVD",
        "id": "CVE-2010-0591"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-03-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-43196"
      },
      {
        "date": "2010-03-03T00:00:00",
        "db": "BID",
        "id": "38498"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-003834"
      },
      {
        "date": "2010-03-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201003-081"
      },
      {
        "date": "2024-11-21T01:12:31.940000",
        "db": "NVD",
        "id": "CVE-2010-0591"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-081"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified Communications Manager Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003834"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-081"
      }
    ],
    "trust": 0.6
  }
}