CVE-2012-3949

Severity CVSS v4.0:

Pending analysis

Type:

CWE-20 Input Validation

Publication date:

27/09/2012

Last modified:

11/04/2025

Description

The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664.

Impact

Vector 2.0

AV:N/AC:L/Au:N/C:N/I:N/A:C CVSS v2.0 Severity and Metrics:

Base Score: 7.80 HIGH
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): None
Integrity (I): None
Availability (A): Complete

Base Score 2.0

7.80

Severity 2.0

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:cisco:unified_communications_manager:6.0\(1a\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.0\(1b\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(1\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(1a\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(1b\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(3\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(3a\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(3b\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(4\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(4a\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(4b\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(5\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(1\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(2\):::::::*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:a:cisco:unified_communications_manager:6.0\(1a\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.0\(1b\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(1\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(1a\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(1b\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(3\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(3a\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(3b\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(4\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(4a\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(4b\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(5\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(1\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(2\):::::::*

CVE-2012-3949

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools