Strix
26.1K

CVE-2012-3949

UnknownEPSS 3.20%

Last modified

CVE-2012-3949 is a vulnerability of currently unknown severity. The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664.. EPSS estimates a 3.20% chance of exploitation in the next 30 days.

Description

The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664.

Metrics

EPSS Probability
3.20%

86.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoUnified Communications Manager6.0\(1a\)
CiscoUnified Communications Manager6.0\(1b\)
CiscoUnified Communications Manager6.1\(1\)
CiscoUnified Communications Manager6.1\(1a\)
CiscoUnified Communications Manager6.1\(1b\)
CiscoUnified Communications Manager6.1\(2\)
CiscoUnified Communications Manager6.1\(3\)
CiscoUnified Communications Manager6.1\(3a\)
CiscoUnified Communications Manager6.1\(3b\)
CiscoUnified Communications Manager6.1\(4\)
CiscoUnified Communications Manager6.1\(4a\)
CiscoUnified Communications Manager6.1\(4b\)
CiscoUnified Communications Manager6.1\(5\)
CiscoUnified Communications Manager7.1\(1\)
CiscoUnified Communications Manager7.1\(2\)
CiscoUnified Communications Manager7.1\(2a\)
CiscoUnified Communications Manager7.1\(2b\)
CiscoUnified Communications Manager7.1\(3\)
CiscoUnified Communications Manager7.1\(3a\)
CiscoUnified Communications Manager7.1\(3b\)
CiscoUnified Communications Manager7.1\(5\)
CiscoUnified Communications Manager7.1\(5a\)
CiscoUnified Communications Manager7.1\(5b\)
CiscoUnified Communications Manager7.1\(5b\)su1
CiscoUnified Communications Manager7.1\(5b\)su1a
CiscoUnified Communications Manager7.1\(5b\)su2
CiscoUnified Communications Manager7.1\(5b\)su3
CiscoUnified Communications Manager7.1\(5b\)su4
CiscoUnified Communications Manager8.0
CiscoUnified Communications Manager8.0\(1\)
CiscoUnified Communications Manager8.0\(2\)
CiscoUnified Communications Manager8.0\(2a\)
CiscoUnified Communications Manager8.0\(2b\)
CiscoUnified Communications Manager8.0\(2c\)
CiscoUnified Communications Manager8.0\(3\)
CiscoUnified Communications Manager8.0\(3a\)
CiscoUnified Communications Manager8.5\(1\)su1
CiscoUnified Communications Manager8.5\(1\)su2
CiscoUnified Communications Manager8.5\(1\)su3
CiscoIos12.2
CiscoIos12.2b
CiscoIos12.2bc
CiscoIos12.2bw
CiscoIos12.2bx
CiscoIos12.2by
CiscoIos12.2bz
CiscoIos12.2ca
CiscoIos12.2cx
CiscoIos12.2cy
CiscoIos12.2cz

Showing 50 of 260 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2012-3949?
The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664.
How severe is CVE-2012-3949?
Severity scoring for CVE-2012-3949 is pending analysis. The EPSS model estimates a 3.20% probability of exploitation in the next 30 days.
How do I fix CVE-2012-3949?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-3949?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST