CVE-2010-2840

Published: Aug 26, 2010Modified: Apr 29, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629.

Affected (22)

Products: Cisco: Unified Presence Server

Cisco

1 product

Unified Presence Server

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Cisco Unified Presence Server	Version 6.0
Cisco Unified Presence Server	Version 6.0(2)
Cisco Unified Presence Server	Version 6.0(3)
Cisco Unified Presence Server	Version 6.0(4)
Cisco Unified Presence Server	Version 6.0(5)
Cisco Unified Presence Server	Version 6.0(6)
Cisco Unified Presence Server	Version 7.0
Cisco Unified Presence Server	Version 7.0(2)
Cisco Unified Presence Server	Version 7.0(3)
Cisco Unified Presence Server	Version 7.0(4)
Cisco Unified Presence Server	Version 7.0(5)
Cisco Unified Presence Server	Version 7.0(6)
Cisco Unified Presence Server	Version 7.0(7)

Configuration B

9 vulnerable

Vulnerable Software	Affected Versions
Cisco Unified Presence Server	Version 6.0.5.1102-1
Cisco Unified Presence Server	Version 6.0(2.1101)
Cisco Unified Presence Server	Version 6.0(3.1101-2)
Cisco Unified Presence Server	Version 6.0(4.1101-5)
Cisco Unified Presence Server	Version 6.0(5.1101-1)
Cisco Unified Presence Server	Version 6.0(5.1103-2)
Cisco Unified Presence Server	Version 7.0.3.10102-3
Cisco Unified Presence Server	Version 7.0.3.10103-2
Cisco Unified Presence Server	Version 7.0.4.10101-2

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml

Source: psirt@cisco.com

PatchVendor Advisory

http://www.vupen.com/english/advisories/2010/2186

Source: psirt@cisco.com

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.vupen.com/english/advisories/2010/2186

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.