CVE-2012-3949

high
Published 2012-09-27 · Modified 2026-04-29
CVSS v3
CVSS v2
7.8
VIR risk
7.8

Description

The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-sip

vendor Authored 2026-05-27

Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-cucm

Application impact

| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cisco | unified_communications_manager | 6.0(1a) | |
| cisco | unified_communications_manager | 6.0(1b) | |
| cisco | unified_communications_manager | 6.1(1) | |
| cisco | unified_communications_manager | 6.1(1a) | |
| cisco | unified_communications_manager | 6.1(1b) | |
| cisco | unified_communications_manager | 6.1(2) | |
| cisco | unified_communications_manager | 6.1(3) | |
| cisco | unified_communications_manager | 6.1(3a) | |
| cisco | unified_communications_manager | 6.1(3b) | |
| cisco | unified_communications_manager | 6.1(4) | |
| cisco | unified_communications_manager | 6.1(4a) | |
| cisco | unified_communications_manager | 6.1(4b) | |
| cisco | unified_communications_manager | 6.1(5) | |
| cisco | unified_communications_manager | 7.1(1) | |
| cisco | unified_communications_manager | 7.1(2) | |
| cisco | unified_communications_manager | 7.1(2a) | |
| cisco | unified_communications_manager | 7.1(2b) | |
| cisco | unified_communications_manager | 7.1(3) | |
| cisco | unified_communications_manager | 7.1(3a) | |
| cisco | unified_communications_manager | 7.1(3b) | |
| cisco | unified_communications_manager | 7.1(5) | |
| cisco | unified_communications_manager | 7.1(5a) | |
| cisco | unified_communications_manager | 7.1(5b) | |
| cisco | unified_communications_manager | 7.1(5b)su1 | |
| cisco | unified_communications_manager | 7.1(5b)su1a | |
| cisco | unified_communications_manager | 7.1(5b)su2 | |
| cisco | unified_communications_manager | 7.1(5b)su3 | |
| cisco | unified_communications_manager | 7.1(5b)su4 | |
| cisco | unified_communications_manager | 8.0 | |
| cisco | unified_communications_manager | 8.0(1) | |
| cisco | unified_communications_manager | 8.0(2) | |
| cisco | unified_communications_manager | 8.0(2a) | |
| cisco | unified_communications_manager | 8.0(2b) | |
| cisco | unified_communications_manager | 8.0(2c) | |
| cisco | unified_communications_manager | 8.0(3) | |
| cisco | unified_communications_manager | 8.0(3a) | |
| cisco | unified_communications_manager | 8.5(1)su1 | |
| cisco | unified_communications_manager | 8.5(1)su2 | |
| cisco | unified_communications_manager | 8.5(1)su3 | |

CWEs

CWE-20
