CVE-2009-2051

Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987.

Published: Aug 27, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-2051
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / ios	12.2	12.4.x
cisco / unified_communications_manager	6.1\(1\)	6.1\(4\)
cisco / unified_communications_manager	5.0	5.1\(3g\)
cisco / unified_communications_manager	7.1	7.1\(2\)
cisco / ios_xe	2.5.0	2.6.1.x
cisco / ios	15.0	15.1.x

http://osvdb.org/57453
http://secunia.com/advisories/36498
http://secunia.com/advisories/36499
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml
http://www.securityfocus.com/bid/36152
http://www.securitytracker.com/id?1022775

Vulnerability Database

289,599

CVE-2009-2051