CVE-2008-1748

EUVD-2008-1748
Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
ciscounified_communications_manager
4.1 ≤
𝑥
< 4.1\(3\)sr7
ciscounified_communications_manager
4.2 ≤
𝑥
< 4.2\(3\)sr4
ciscounified_communications_manager
4.3 ≤
𝑥
< 4.3\(2\)
ciscounified_communications_manager
5.0 ≤
𝑥
< 5.1\(3\)
ciscounified_communications_manager
6.0 ≤
𝑥
< 6.1\(1\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/30238
http://securitytracker.com/id?1020022
http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml
http://www.securityfocus.com/bid/29221
http://www.vupen.com/english/advisories/2008/1533
https://exchange.xforce.ibmcloud.com/vulnerabilities/42419
http://secunia.com/advisories/30238
http://securitytracker.com/id?1020022
http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml
http://www.securityfocus.com/bid/29221
http://www.vupen.com/english/advisories/2008/1533
https://exchange.xforce.ibmcloud.com/vulnerabilities/42419