{"vuid":"VU#613384","idnumber":"613384","name":"Cisco IOS embedded call processing solutions contain unspecified DoS vulnerability","keywords":["Cisco","IOS","Embedded Call Processing Solutions","DoS","denial of service","its","cme","srst"],"overview":"An unspecified error in Cisco Internetwork Operating System (IOS) could allow a remote attacker to cause a denial of service.","clean_desc":"Cisco IOS is a very widely deployed network operating system. IOS release trains 12.1YD, 12.2T, 12.3, and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME), or Survivable Site Telephony (SRST), may contain a vulnerability in the processing of certain control protocol messages. A specially crafted control protocol message could cause the device to reload.","impact":"By sending a specially crafted control protocol message to an affected device, a remote attacker could cause the device to reset. Repeated exploitation of this vulnerability could lead to a sustained denial-of-service condition.","resolution":"Apply a patch or upgrade Please refer to the \"Software Versions and Fixes\" section of the Cisco Security Advisory for more information on upgrading.","workarounds":"Workarounds Cisco recommends a number of workarounds. For a complete list of workarounds, see the \"Workarounds\" section of the Cisco Security Advisory.","sysaffected":"","thanks":"This vulnerability was reported by the Cisco Systems Product Security Incident Response Team.","author":"This document was written by Will Dormann, based on the information provided in the Cisco Security Advisory.","public":["http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml","http://secunia.com/advisories/13913/"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-01-19T17:37:19Z","publicdate":"2005-01-19T00:00:00Z","datefirstpublished":"2005-01-21T18:29:07Z","dateupdated":"2005-01-21T19:40:53Z","revision":7,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"10","cam_exploitation":"0","cam_internetinfrastructure":"20","cam_population":"20","cam_impact":"3","cam_easeofexploitation":"14","cam_attackeraccessrequired":"20","cam_scorecurrent":"9.45","cam_scorecurrentwidelyknown":"12.6","cam_scorecurrentwidelyknownexploited":"18.9","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":9.45,"vulnote":null}