Denial of Service Vulnerability in Cisco Unified Presence
CVE-2010-2840

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Presence Server
Vendor: CVE Published:; 26 August 2010

Summary

The Presence Engine service in Cisco Unified Presence is vulnerable to a denial of service condition that arises from improper handling of the Contact field in SIP SUBSCRIBE messages. Malicious actors can exploit this vulnerability by sending specially crafted messages, causing the affected service to fail. This scenario highlights the importance of ensuring proper validation and sanitization of incoming requests to maintain system integrity.

References

http://www.vupen.com/english/advisories/2010/2186

vdb-entryx_refsource_VUPEN

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Aug 26, 2010
Vulnerability Reserved
Jul 23, 2010