CVE-2008-0027

Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.
Severity
UNKNOWN
AV:N/AC:L/Au:N/C:C/I:C/A:C
Atk. Vector
NETWORK
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
ciscounified_callmanager
4.0
ciscounified_callmanager
4.1
ciscounified_callmanager
4.1\(3\)sr4
ciscounified_callmanager
4.1\(3\)sr5
ciscounified_callmanager
4.1\(3\)sr5b
ciscounified_communications_manager
4.2
ciscounified_communications_manager
4.2.3sr2
ciscounified_communications_manager
4.2.3sr2b
ciscounified_communications_manager
4.3
𝑥
= Vulnerable software versions