CVE-2010-2840

Cisco Unified Presence <6.0(7)-7.0(8) - DoS

Title source: llm
STIX 2.1

Description

The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629.

References (2)

Core 2
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2186
Patch, Vendor Advisory vendor-advisory x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml

Scores

EPSS 0.0122
EPSS Percentile 65.1%

Details

CWE
CWE-20
Status published
Products (22)
cisco/unified_presence_server 6.0
cisco/unified_presence_server 6.0\(2\)
cisco/unified_presence_server 6.0\(3\)
cisco/unified_presence_server 6.0\(4\)
cisco/unified_presence_server 6.0\(5\)
cisco/unified_presence_server 6.0\(6\)
cisco/unified_presence_server 7.0
cisco/unified_presence_server 7.0\(2\)
cisco/unified_presence_server 7.0\(3\)
cisco/unified_presence_server 7.0\(4\)
... and 12 more
Published Aug 26, 2010
Tracked Since Feb 18, 2026