Vulnerability in Cisco IOS Embedded Call Processing Solutions - Cisco Systems

medium Nessus Plugin ID 48979

Language:

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

Cisco Internetwork Operating System (IOS) Software release trains 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the Cisco IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST) may contain a vulnerability in processing certain malformed control protocol messages.

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20050119-itscme.

See Also

http://www.nessus.org/u?9ca1d056

http://www.nessus.org/u?0e41b5df

Plugin Details

Severity: Medium

ID: 48979

File Name: cisco-sa-20050119-itscmehttp.nasl

Version: 1.18

Type: local

Family: CISCO

Published: 9/1/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 1/19/2005

Vulnerability Publication Date: 1/19/2005

Reference Information

CVE: CVE-2005-0186

BID: 12307

CISCO-SA: cisco-sa-20050119-itscme

CISCO-BUG-ID: CSCee08584