CVE-2008-0027

EUVD-2008-0040
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
ciscounified_callmanager
4.0
ciscounified_callmanager
4.1
ciscounified_callmanager
4.1\(3\)sr4
ciscounified_callmanager
4.1\(3\)sr5
ciscounified_callmanager
4.1\(3\)sr5b
ciscounified_communications_manager
4.2
ciscounified_communications_manager
4.2.3sr2:sr2
ciscounified_communications_manager
4.2.3sr2b:sr2b
ciscounified_communications_manager
4.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://dvlabs.tippingpoint.com/advisory/TPTI-08-02
http://secunia.com/advisories/28530
http://securityreason.com/securityalert/3551
http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml
http://www.securityfocus.com/archive/1/486432/100/0/threaded
http://www.securityfocus.com/bid/27313
http://www.securitytracker.com/id?1019223
http://www.vupen.com/english/advisories/2008/0171
https://exchange.xforce.ibmcloud.com/vulnerabilities/39704
http://dvlabs.tippingpoint.com/advisory/TPTI-08-02
http://secunia.com/advisories/28530
http://securityreason.com/securityalert/3551
http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml
http://www.securityfocus.com/archive/1/486432/100/0/threaded
http://www.securityfocus.com/bid/27313
http://www.securitytracker.com/id?1019223
http://www.vupen.com/english/advisories/2008/0171
https://exchange.xforce.ibmcloud.com/vulnerabilities/39704