CVE-2009-2864

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423.

Published: 2009-09-28 Last update: 2026-04-23 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2009-2864 is rated Moderate Risk (62.4/100): CVSS High severity, with medium exploitation likelihood (EPSS 2.94%). EPSS rose +1.39% over the last day, indicating growing attacker interest. Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2009-2864

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 1.56% 2.94% +1.39%
2 2026-02-17 1.39% 1.56% +0.17%
3 2025-03-30 1.39%

Full EPSS history (9 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2009-2864

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.8 2.0 HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:C)
Complete availability impact.
 10.0 6.9 [email protected]

Weakness enumeration for CVE-2009-2864

NVD evaluator notes for CVE-2009-2864

Comment: An unauthenticated, remote attacker could exploit this vulnerability to cause the affected application to fail, resulting in a DoS condition.

Affected software / configurations for CVE-2009-2864

Vendor Product Version Raw CPE
cisco unified_callmanager 5.0\(1\) cpe:2.3:a:cisco:unified_callmanager:5.0\(1\):*:*:*:*:*:*:*
cisco unified_callmanager 5.0\(2\) cpe:2.3:a:cisco:unified_callmanager:5.0\(2\):*:*:*:*:*:*:*
cisco unified_callmanager 5.0\(2a\) cpe:2.3:a:cisco:unified_callmanager:5.0\(2a\):*:*:*:*:*:*:*
cisco unified_callmanager 5.0\(3\) cpe:2.3:a:cisco:unified_callmanager:5.0\(3\):*:*:*:*:*:*:*
cisco unified_callmanager 5.0\(3a\) cpe:2.3:a:cisco:unified_callmanager:5.0\(3a\):*:*:*:*:*:*:*
cisco unified_callmanager 5.0\(4\) cpe:2.3:a:cisco:unified_callmanager:5.0\(4\):*:*:*:*:*:*:*
cisco unified_callmanager 5.0\(4a\) cpe:2.3:a:cisco:unified_callmanager:5.0\(4a\):*:*:*:*:*:*:*
cisco unified_callmanager 5.0\(4c\) cpe:2.3:a:cisco:unified_callmanager:5.0\(4c\):*:*:*:*:*:*:*
cisco unified_callmanager 5.1 cpe:2.3:a:cisco:unified_callmanager:5.1:*:*:*:*:*:*:*
cisco unified_callmanager 5.1\(1\) cpe:2.3:a:cisco:unified_callmanager:5.1\(1\):*:*:*:*:*:*:*
cisco unified_callmanager 5.1\(1a\) cpe:2.3:a:cisco:unified_callmanager:5.1\(1a\):*:*:*:*:*:*:*
cisco unified_callmanager 5.1\(1c\) cpe:2.3:a:cisco:unified_callmanager:5.1\(1c\):*:*:*:*:*:*:*
cisco unified_callmanager 5.1\(2\) cpe:2.3:a:cisco:unified_callmanager:5.1\(2\):*:*:*:*:*:*:*
cisco unified_callmanager 5.1\(2a\) cpe:2.3:a:cisco:unified_callmanager:5.1\(2a\):*:*:*:*:*:*:*
cisco unified_callmanager 5.1\(2b\) cpe:2.3:a:cisco:unified_callmanager:5.1\(2b\):*:*:*:*:*:*:*
cisco unified_callmanager 5.1\(3\) cpe:2.3:a:cisco:unified_callmanager:5.1\(3\):*:*:*:*:*:*:*
cisco unified_callmanager 5.1\(3a\) cpe:2.3:a:cisco:unified_callmanager:5.1\(3a\):*:*:*:*:*:*:*
cisco unified_callmanager 5.1\(3b\) cpe:2.3:a:cisco:unified_callmanager:5.1\(3b\):*:*:*:*:*:*:*
cisco unified_callmanager 5.1\(3c\) cpe:2.3:a:cisco:unified_callmanager:5.1\(3c\):*:*:*:*:*:*:*
cisco unified_callmanager 6.0\(1\) cpe:2.3:a:cisco:unified_callmanager:6.0\(1\):*:*:*:*:*:*:*
cisco unified_callmanager 6.0\(1a\) cpe:2.3:a:cisco:unified_callmanager:6.0\(1a\):*:*:*:*:*:*:*
cisco unified_callmanager 6.0\(1b\) cpe:2.3:a:cisco:unified_callmanager:6.0\(1b\):*:*:*:*:*:*:*
cisco unified_callmanager 6.1 cpe:2.3:a:cisco:unified_callmanager:6.1:*:*:*:*:*:*:*
cisco unified_callmanager 6.1\(1\) cpe:2.3:a:cisco:unified_callmanager:6.1\(1\):*:*:*:*:*:*:*
cisco unified_callmanager 6.1\(1a\) cpe:2.3:a:cisco:unified_callmanager:6.1\(1a\):*:*:*:*:*:*:*
cisco unified_callmanager 6.1\(1b\) cpe:2.3:a:cisco:unified_callmanager:6.1\(1b\):*:*:*:*:*:*:*
cisco unified_callmanager 6.1\(2\) cpe:2.3:a:cisco:unified_callmanager:6.1\(2\):*:*:*:*:*:*:*
cisco unified_communications_manager 5.1\(1b\) cpe:2.3:a:cisco:unified_communications_manager:5.1\(1b\):*:*:*:*:*:*:*
cisco unified_communications_manager 5.1\(1c\) cpe:2.3:a:cisco:unified_communications_manager:5.1\(1c\):*:*:*:*:*:*:*
cisco unified_communications_manager 5.1\(2\) cpe:2.3:a:cisco:unified_communications_manager:5.1\(2\):*:*:*:*:*:*:*
cisco unified_communications_manager 5.1\(2a\) cpe:2.3:a:cisco:unified_communications_manager:5.1\(2a\):*:*:*:*:*:*:*
cisco unified_communications_manager 5.1\(3\) cpe:2.3:a:cisco:unified_communications_manager:5.1\(3\):*:*:*:*:*:*:*
cisco unified_communications_manager 5.1\(3a\) cpe:2.3:a:cisco:unified_communications_manager:5.1\(3a\):*:*:*:*:*:*:*
cisco unified_communications_manager 5.1\(3c\) cpe:2.3:a:cisco:unified_communications_manager:5.1\(3c\):*:*:*:*:*:*:*
cisco unified_communications_manager 5.1\(3d\) cpe:2.3:a:cisco:unified_communications_manager:5.1\(3d\):*:*:*:*:*:*:*
cisco unified_communications_manager 5.1\(3e\) cpe:2.3:a:cisco:unified_communications_manager:5.1\(3e\):*:*:*:*:*:*:*
cisco unified_communications_manager 6.1\(1\) cpe:2.3:a:cisco:unified_communications_manager:6.1\(1\):*:*:*:*:*:*:*
cisco unified_communications_manager 6.1\(1a\) cpe:2.3:a:cisco:unified_communications_manager:6.1\(1a\):*:*:*:*:*:*:*
cisco unified_communications_manager 6.1\(1b\) cpe:2.3:a:cisco:unified_communications_manager:6.1\(1b\):*:*:*:*:*:*:*
cisco unified_communications_manager 6.1\(2\) cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\):*:*:*:*:*:*:*
cisco unified_communications_manager 6.1\(2\)su1 cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\)su1:*:*:*:*:*:*:*
cisco unified_communications_manager 6.1\(2\)su1a cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\)su1a:*:*:*:*:*:*:*
cisco unified_communications_manager 6.1\(3\) cpe:2.3:a:cisco:unified_communications_manager:6.1\(3\):*:*:*:*:*:*:*
cisco unified_communications_manager 7.0\(1\) cpe:2.3:a:cisco:unified_communications_manager:7.0\(1\):*:*:*:*:*:*:*
cisco unified_communications_manager 7.0\(2\) cpe:2.3:a:cisco:unified_communications_manager:7.0\(2\):*:*:*:*:*:*:*
cisco unified_communications_manager 7.1 cpe:2.3:a:cisco:unified_communications_manager:7.1:*:*:*:*:*:*:*

References for CVE-2009-2864

cvelogic Threat Intelligence