Vulnerabilities > CVE-2010-1565 - Resource Management Errors vulnerability in Cisco PGW 2200 Softswitch 9.7(3)P/9.7(3)S

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
cisco
CWE-399

Summary

Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (TCP socket exhaustion) via unknown vectors, aka Bug ID CSCsk13561.

Vulnerable Configurations

Part Description Count
Hardware
Cisco
2

Common Weakness Enumeration (CWE)

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 40117,40120,40121,40122,40123,40124,40125,40126,40128 CVE(CAN) ID: CVE-2010-0601,CVE-2010-0602,CVE-2010-0603,CVE-2010-0604,CVE-2010-1561,CVE-2010-1562,CVE-2010-1563,CVE-2010-1567,CVE-2010-1565 PGW 2200是运营商级的软件交换机,可在NGN和IMS基础架构中用于执行呼叫控制。 PGW 2200软件交换机的SIP实现和MGCP实现中存在多个拒绝服务漏洞,远程攻击者可以通过发送畸形SIP或MGCP报文导致设备崩溃,或导致无法接受或创建新的TCP连接。 Cisco PGW 2200 Softswitch 9.8 Cisco PGW 2200 Softswitch 9.7 厂商补丁: Cisco ----- Cisco已经为此发布了一个安全公告(cisco-sa-20100512-pgw)以及相应补丁: cisco-sa-20100512-pgw:Multiple vulnerabilities in Cisco PGW Softswitch 链接:http://www.cisco.com/warp/public/707/cisco-sa-20100512-pgw.shtml
idSSV:19634
last seen2017-11-19
modified2010-05-16
published2010-05-16
reporterRoot
titleCisco PGW Softswitch产品SIP和MGCP报文处理拒绝服务漏洞