CVE-2010-2840

Severity CVSS v4.0:

Pending analysis

Type:

CWE-20 Input Validation

Publication date:

26/08/2010

Last modified:

11/04/2025

Description

The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629.

Impact

Vector 2.0

AV:N/AC:L/Au:N/C:N/I:N/A:C CVSS v2.0 Severity and Metrics:

Base Score: 7.80 HIGH
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): None
Integrity (I): None
Availability (A): Complete

Base Score 2.0

7.80

Severity 2.0

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:cisco:unified_presence_server:6.0:::::::*
cpe:2.3:a:cisco:unified_presence_server:6.0\(2\):::::::*
cpe:2.3:a:cisco:unified_presence_server:6.0\(3\):::::::*
cpe:2.3:a:cisco:unified_presence_server:6.0\(4\):::::::*
cpe:2.3:a:cisco:unified_presence_server:6.0\(5\):::::::*
cpe:2.3:a:cisco:unified_presence_server:6.0\(6\):::::::*
cpe:2.3:a:cisco:unified_presence_server:7.0:::::::*
cpe:2.3:a:cisco:unified_presence_server:7.0\(2\):::::::*
cpe:2.3:a:cisco:unified_presence_server:7.0\(3\):::::::*
cpe:2.3:a:cisco:unified_presence_server:7.0\(4\):::::::*
cpe:2.3:a:cisco:unified_presence_server:7.0\(5\):::::::*
cpe:2.3:a:cisco:unified_presence_server:7.0\(6\):::::::*
cpe:2.3:a:cisco:unified_presence_server:7.0\(7\):::::::*
cpe:2.3:a:cisco:unified_presence_server:6.0\(2.1101\):::::::*
cpe:2.3:a:cisco:unified_presence_server:6.0\(3.1101-2\):::::::*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:a:cisco:unified_presence_server:6.0:::::::*
cpe:2.3:a:cisco:unified_presence_server:6.0\(2\):::::::*
cpe:2.3:a:cisco:unified_presence_server:6.0\(3\):::::::*
cpe:2.3:a:cisco:unified_presence_server:6.0\(4\):::::::*
cpe:2.3:a:cisco:unified_presence_server:6.0\(5\):::::::*
cpe:2.3:a:cisco:unified_presence_server:6.0\(6\):::::::*
cpe:2.3:a:cisco:unified_presence_server:7.0:::::::*
cpe:2.3:a:cisco:unified_presence_server:7.0\(2\):::::::*
cpe:2.3:a:cisco:unified_presence_server:7.0\(3\):::::::*
cpe:2.3:a:cisco:unified_presence_server:7.0\(4\):::::::*
cpe:2.3:a:cisco:unified_presence_server:7.0\(5\):::::::*
cpe:2.3:a:cisco:unified_presence_server:7.0\(6\):::::::*
cpe:2.3:a:cisco:unified_presence_server:7.0\(7\):::::::*
cpe:2.3:a:cisco:unified_presence_server:6.0\(2.1101\):::::::*
cpe:2.3:a:cisco:unified_presence_server:6.0\(3.1101-2\):::::::*

CVE-2010-2840

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools