The CallServer component in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to cause a denial of service (call-acceptance outage) via malformed SIP INVITE messages, aka Bug ID CSCua65148.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Unified_customer_voice_portal | Cisco | * | 9.0(1) (including) |
| Unified_customer_voice_portal | Cisco | 3.0-sr1 (including) | 3.0-sr1 (including) |
| Unified_customer_voice_portal | Cisco | 3.0-sr2 (including) | 3.0-sr2 (including) |
| Unified_customer_voice_portal | Cisco | 3.6(10)-es01 (including) | 3.6(10)-es01 (including) |
| Unified_customer_voice_portal | Cisco | 4.0 (including) | 4.0 (including) |
| Unified_customer_voice_portal | Cisco | 4.0(2) (including) | 4.0(2) (including) |
| Unified_customer_voice_portal | Cisco | 4.0(2)-sr1 (including) | 4.0(2)-sr1 (including) |
| Unified_customer_voice_portal | Cisco | 4.1 (including) | 4.1 (including) |
| Unified_customer_voice_portal | Cisco | 7.0 (including) | 7.0 (including) |
| Unified_customer_voice_portal | Cisco | 7.0(2) (including) | 7.0(2) (including) |
| Unified_customer_voice_portal | Cisco | 8.0(1) (including) | 8.0(1) (including) |
| Unified_customer_voice_portal | Cisco | 8.5(1) (including) | 8.5(1) (including) |
| Unified_customer_voice_portal | Cisco | 9.0 (including) | 9.0 (including) |