Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358.
CVSS v2.0 Score
7.8
/ 10.0
HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
Information
- Published
- 23 sept. 2010
- Updated
- 29 avr. 2026
- Status
- Modified
- Source
- psirt@cisco.com
Affected products
cisco ios
Versions : 12.1, 12.1t, 12.1xi, 12.1xj, 12.1xl
cisco ios xeAll Cisco IOS XE CVEs →
Versions : 2.5.0, 2.5.1, 2.6.0, 2.6.1
cisco unified communications manager
Versions : 6.0, 6.0\(1.2114.1\), 6.0\(1.2121.1\), 6.0\(1b\), 6.1\(1\)
Weaknesses (CWE)
NVD-CWE-noinfo
References (4)
Monitor your products
Get automatic alerts for every new CVE affecting your equipment.