Vulnerabilities > CVE-2006-0368 - Remote Denial Of Service vulnerability in Cisco CallManager

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

cisco

NVD

Published: 2006-01-22

Updated: 2017-07-20

Summary

Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) cause a denial of service (fill the Windows Service Manager communication queue) via a large number of TCP connections to port 2001, 2002, or 7727.

Vulnerable Configurations

Part	Description	Count
Hardware	Cisco Cisco Call Manager * Cisco Call Manager 1.0 Cisco Call Manager 2.0 Cisco Call Manager 3.0 Cisco Call Manager 3.1 Cisco Call Manager 3.1\(2\) Cisco Call Manager 3.1\(3A\) Cisco Call Manager 3.2 Cisco Call Manager 3.3 Cisco Call Manager 3.3\(3\) Cisco Call Manager 3.3\(3\)Es61 Cisco Call Manager 3.3\(4\)Es25 Cisco Call Manager 3.3\(5\) Cisco Call Manager 3.3\(5\)Es30 Cisco Call Manager 4.0 Cisco Call Manager 4.0\(2A\)Es40 Cisco Call Manager 4.0\(2A\)Es62 Cisco Call Manager 4.0\(2A\)Sr2B Cisco Call Manager 4.1\(2\)Es33 Cisco Call Manager 4.1\(2\)Es55 Cisco Call Manager 4.1\(3\)Es07 Cisco Call Manager 4.1\(3\)Es32 Cisco Call Manager 4.1\(3\)Sr1	23

Summary

Vulnerable Configurations

References