CVE-2010-2840

The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:C
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
VendorProductVersion
ciscounified_presence_server
6.0
ciscounified_presence_server
6.0\(2\)
ciscounified_presence_server
6.0\(3\)
ciscounified_presence_server
6.0\(4\)
ciscounified_presence_server
6.0\(5\)
ciscounified_presence_server
6.0\(6\)
ciscounified_presence_server
7.0
ciscounified_presence_server
7.0\(2\)
ciscounified_presence_server
7.0\(3\)
ciscounified_presence_server
7.0\(4\)
ciscounified_presence_server
7.0\(5\)
ciscounified_presence_server
7.0\(6\)
ciscounified_presence_server
7.0\(7\)
ciscounified_presence_server
6.0\(2.1101\)
ciscounified_presence_server
6.0\(3.1101-2\)
ciscounified_presence_server
6.0\(4.1101-5\)
ciscounified_presence_server
6.0\(5.1101-1\)
ciscounified_presence_server
6.0\(5.1103-2\)
ciscounified_presence_server
6.0.5.1102-1
ciscounified_presence_server
7.0.3.10102-3
ciscounified_presence_server
7.0.3.10103-2
ciscounified_presence_server
7.0.4.10101-2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml
http://www.vupen.com/english/advisories/2010/2186
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml
http://www.vupen.com/english/advisories/2010/2186