CVE-2006-0368

Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) cause a denial of service (fill the Windows Service Manager communication queue) via a large number of TCP connections to port 2001, 2002, or 7727.

Published: Jan 22, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-0368
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / call_manager	4.1(3)es07	4.1(3)es07.x
cisco / call_manager	3.0	3.0.x
cisco / call_manager	3.1(3a)	3.1(3a).x
cisco / call_manager	4.1(3)es32	4.1(3)es32.x
cisco / call_manager	1.0	1.0.x
cisco / call_manager	3.3(5)	3.3(5).x
cisco / call_manager	4.1(3)sr1	4.1(3)sr1.x
cisco / call_manager	3.3(3)es61	3.3(3)es61.x
cisco / call_manager	3.3(4)es25	3.3(4)es25.x
cisco / call_manager	3.3(5)es30	3.3(5)es30.x
cisco / call_manager	3.2	3.2.x
cisco / call_manager	3.1(2)	3.1(2).x
cisco / call_manager	4.0(2a)es40	4.0(2a)es40.x
cisco / call_manager	3.3	3.3.x
cisco / call_manager	2.0	2.0.x
cisco / call_manager	4.1(2)es55	4.1(2)es55.x
cisco / call_manager	4.0(2a)es62	4.0(2a)es62.x
cisco / call_manager	3.1	3.1.x
cisco / call_manager	-	-
cisco / call_manager	4.0	4.0.x
cisco / call_manager	4.1(2)es33	4.1(2)es33.x
cisco / call_manager	3.3(3)	3.3(3).x
cisco / call_manager	4.0(2a)sr2b	4.0(2a)sr2b.x

Vulnerability Database

289,599

CVE-2006-0368