CVE-2009-2052 - OpenCVE

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote attackers to cause a denial of service (TCP services outage) via a large number of TCP connections, related to "tracking of network connections," aka Bug IDs CSCsq22534 and CSCsw52371.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Unified Communications Manager

Configuration 1 [-]

OR	cpe:2.3:a:cisco:unified_communications_manager::::::::
	cpe:2.3:a:cisco:unified_communications_manager::::::::
	cpe:2.3:a:cisco:unified_communications_manager::::::::
	cpe:2.3:a:cisco:unified_communications_manager::::::::

No data.

References

Link	Providers
http://secunia.com/advisories/36498
http://secunia.com/advisories/36499
http://secunia.com/advisories/37039
http://securitytracker.com/id?1023018
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml
http://www.securityfocus.com/bid/36152
http://www.securityfocus.com/bid/36676
http://www.securitytracker.com/id?1022775
http://www.vupen.com/english/advisories/2009/2915

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2009-08-27T16:31:00

Updated: 2024-08-07T05:36:20.518Z

Reserved: 2009-06-12T00:00:00

Link: CVE-2009-2052

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2009-08-27T17:00:01.000

Modified: 2021-10-06T15:12:03.650

Link: CVE-2009-2052

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-08-26T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote attackers to cause a denial of service (TCP services outage) via a large number of TCP connections, related to \"tracking of network connections,\" aka Bug IDs CSCsq22534 and CSCsw52371."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-09-02T09:00:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "ADV-2009-2915", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/2915"}, {"name": "36499", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36499"}, {"name": "37039", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37039"}, {"name": "1023018", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1023018"}, {"name": "36152", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/36152"}, {"name": "36498", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36498"}, {"name": "20091014 Cisco Unified Presence Denial of Service Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml"}, {"name": "20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml"}, {"name": "1022775", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022775"}, {"name": "36676", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/36676"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2009-2052", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote attackers to cause a denial of service (TCP services outage) via a large number of TCP connections, related to \"tracking of network connections,\" aka Bug IDs CSCsq22534 and CSCsw52371."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2009-2915", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2915"}, {"name": "36499", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36499"}, {"name": "37039", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37039"}, {"name": "1023018", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023018"}, {"name": "36152", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36152"}, {"name": "36498", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36498"}, {"name": "20091014 Cisco Unified Presence Denial of Service Vulnerabilities", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml"}, {"name": "20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml"}, {"name": "1022775", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022775"}, {"name": "36676", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36676"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:36:20.518Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2009-2915", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/2915"}, {"name": "36499", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36499"}, {"name": "37039", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37039"}, {"name": "1023018", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1023018"}, {"name": "36152", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/36152"}, {"name": "36498", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36498"}, {"name": "20091014 Cisco Unified Presence Denial of Service Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml"}, {"name": "20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml"}, {"name": "1022775", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1022775"}, {"name": "36676", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/36676"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2009-2052", "datePublished": "2009-08-27T16:31:00", "dateReserved": "2009-06-12T00:00:00", "dateUpdated": "2024-08-07T05:36:20.518Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B48B0779-7796-45D2-8967-459F562A6243", "versionEndExcluding": "5.1\\(3g\\)", "versionStartIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "98AF7F97-8702-4E7B-BDE4-BD5A3114FDF4", "versionEndExcluding": "6.1\\(4\\)", "versionStartIncluding": "6.1\\(1\\)", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "70FFE57A-3D1F-4310-87F5-CEE420125357", "versionEndExcluding": "7.0\\(2\\)", "versionStartIncluding": "7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "96DB29BF-9A40-4591-BE41-C519B86C2EEF", "versionEndExcluding": "7.1\\(2\\)", "versionStartIncluding": "7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote attackers to cause a denial of service (TCP services outage) via a large number of TCP connections, related to \"tracking of network connections,\" aka Bug IDs CSCsq22534 and CSCsw52371."}, {"lang": "es", "value": "Unified Communications Manager de Cisco (tambi\u00e9n conocido como CUCM, anteriormente CallManager) versi\u00f3n 4.x, versi\u00f3n 5.x anterior a 5.1 (3g), versi\u00f3n 6.x anterior a 6.1 (4), versi\u00f3n 7.0 anterior a 7.0 (2) y versi\u00f3n 7.1 anterior a 7.1 (2); y Unified Presence de Cisco versi\u00f3n 1.x, versi\u00f3n 6.x anterior a 6.0 (6) y versi\u00f3n 7.x anterior a 7.0 (4); permite a los atacantes remotos causar una denegaci\u00f3n de servicio (interrupci\u00f3n de los servicios TCP) por medio de una gran cantidad de conexiones TCP, relacionadas con el \"tracking of network connections,\" tambi\u00e9n conocida como Bug Id. CSCsq22534 y CSCsw52371."}], "id": "CVE-2009-2052", "lastModified": "2021-10-06T15:12:03.650", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-08-27T17:00:01.000", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36498"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36499"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/37039"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1023018"}, {"source": "ykramarz@cisco.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/36152"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/36676"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1022775"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2009/2915"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}