Improper input validation in Cisco Unified_presence_server

CVE-2010-2840

The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denia…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.004 (62.7th percentile) — read the EPSS interpretation.

Affected products

Cisco Unified_presence_server — versions 6.0\(5.1101-1\), 7.0.3.10103-2, 6.0\(3.1101-2\)
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

ADV-2010-2186 (vdb-entry, x_refsource_VUPEN)
20100825 Cisco Unified Presence Denial of Service Vulnerabilities (x_refsource_CISCO, vendor-advisory, Patch, Vendor Advisory)