Search criteria

54 vulnerabilities found for unified_callmanager by cisco

FKIE_CVE-2015-0680

Vulnerability from fkie_nvd - Published: 2015-03-28 01:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439.
References
psirt@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=38079Vendor Advisory
psirt@cisco.comhttp://www.securitytracker.com/id/1031991
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=38079Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1031991
Impacted products
Vendor Product Version
cisco unified_callmanager 9.1\(2.1000.28\)
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:9.1\\(2.1000.28\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5C1B4A43-3C83-4EF9-96C7-15FE1461D34A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439."
    },
    {
      "lang": "es",
      "value": "Cisco Unified Call Manager (CM) 9.1(2.1000.28) no restringe correctamente las solicitudes de recursos, lo que permite a usuarios remotos autenticados leer ficheros arbitrarios a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCuq44439."
    }
  ],
  "id": "CVE-2015-0680",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-03-28T01:59:53.833",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38079"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1031991"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38079"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031991"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2009-2864

Vulnerability from fkie_nvd - Published: 2009-09-28 19:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423.
References
psirt@cisco.comhttp://osvdb.org/58344
psirt@cisco.comhttp://secunia.com/advisories/36836Vendor Advisory
psirt@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=18883Patch
psirt@cisco.comhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080af8118.shtmlVendor Advisory
psirt@cisco.comhttp://www.securityfocus.com/bid/36496
psirt@cisco.comhttp://www.securitytracker.com/id?1022931
psirt@cisco.comhttp://www.vupen.com/english/advisories/2009/2757Vendor Advisory
psirt@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/53447
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/58344
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36836Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=18883Patch
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8118.shtmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/36496
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1022931
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/2757Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/53447
Impacted products
Vendor Product Version
cisco unified_callmanager 5.0\(1\)
cisco unified_callmanager 5.0\(2\)
cisco unified_callmanager 5.0\(2a\)
cisco unified_callmanager 5.0\(3\)
cisco unified_callmanager 5.0\(3a\)
cisco unified_callmanager 5.0\(4\)
cisco unified_callmanager 5.0\(4a\)
cisco unified_callmanager 5.0\(4c\)
cisco unified_callmanager 5.1
cisco unified_callmanager 5.1\(1\)
cisco unified_callmanager 5.1\(1a\)
cisco unified_callmanager 5.1\(1c\)
cisco unified_callmanager 5.1\(2\)
cisco unified_callmanager 5.1\(2a\)
cisco unified_callmanager 5.1\(2b\)
cisco unified_callmanager 5.1\(3\)
cisco unified_callmanager 5.1\(3a\)
cisco unified_callmanager 5.1\(3b\)
cisco unified_callmanager 5.1\(3c\)
cisco unified_callmanager 6.0\(1\)
cisco unified_callmanager 6.0\(1a\)
cisco unified_callmanager 6.0\(1b\)
cisco unified_callmanager 6.1
cisco unified_callmanager 6.1\(1\)
cisco unified_callmanager 6.1\(1a\)
cisco unified_callmanager 6.1\(1b\)
cisco unified_callmanager 6.1\(2\)
cisco unified_communications_manager 5.1\(1b\)
cisco unified_communications_manager 5.1\(1c\)
cisco unified_communications_manager 5.1\(2\)
cisco unified_communications_manager 5.1\(2a\)
cisco unified_communications_manager 5.1\(3\)
cisco unified_communications_manager 5.1\(3a\)
cisco unified_communications_manager 5.1\(3c\)
cisco unified_communications_manager 5.1\(3d\)
cisco unified_communications_manager 5.1\(3e\)
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 7.0\(1\)
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C5865997-F8B2-4ABB-96DF-3AE691A7CE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E9211420-9F35-4872-879A-5F7CA29C6299",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "163B798C-B207-4CA6-AF8A-5955F5B89A56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D7DD4B55-4C68-45CD-988E-D470C26E5E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(3a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "48C1B081-1FD7-4BBD-84BD-E1E5F80C74FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BC32C417-3E61-4892-9A42-C31C6D62F09D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(4a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3841B111-FEFE-4367-AFF0-B7F17D468E87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(4c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5DE9B3F9-6650-4568-B5FB-C228BD367002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DC17139-DB98-4C59-B29B-1B792C67EB97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "949045EF-8CB3-453A-8C4C-9B0B12775396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "569E4CE4-119A-432D-9EE0-01E19DC9E918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.1\\(1c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "99495B1F-90E6-4405-AA08-2764D6EB34DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E3E60E9F-A0F8-4B3C-9DB3-8D5BE3D5EC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.1\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "93A8CC01-1C2B-44A1-9CD6-4BD375FA8DC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.1\\(2b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "01AA0941-6BDA-4B7E-81C5-D48ADAA3B5E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.1\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1D9BA114-1C07-44BF-9645-DACE14CB9A63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.1\\(3a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "439FC49D-8860-4D74-B82B-A91F6B6C8DB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.1\\(3b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BFE8E328-D5DD-4E6B-A21C-B6CE6A1784CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.1\\(3c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D47BCC3A-8D11-4BF1-BB22-98EB7A1324DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:6.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F39D409C-BC11-49BB-96D7-15954A524A7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:6.0\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "60068FC9-8A85-42E7-A0F8-AAE190E1DD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:6.0\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8AD79B32-0F2C-4691-8458-702E68089594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3F383F7-DE21-425D-98BC-2CCB99012659",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:6.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E20E884C-8F7C-4E29-8701-1CD1F63745D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:6.1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E9E102AF-0603-4B4B-978C-FE76C66E9EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:6.1\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6C38632E-4519-4A69-ABB8-BD5991F8081D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:6.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "72BCC243-D4B8-477D-9B68-C90571F57472",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1022C151-6EC8-4E8D-85ED-59D51551BDAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "060593BD-ADC1-4282-BC6D-E0D6A2B7C8D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "239510AD-8BB0-4515-B1DA-80DE696D25DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "26277C4A-4E27-492C-B18C-AC68D86ADF55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0318CF61-B892-4D44-B41A-D630B4AB808C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9CDA8A78-BA6C-4451-8EAA-B83C3A6C6BA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "84A49932-1E22-4BE0-8195-926D44F65AAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3d\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4DE1B0DD-EA64-493B-86B7-9057EE5033C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3e\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "00ECD7C0-7F3C-4021-B949-32141E58687C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "958A2707-0F1A-4719-BB9F-DC9ED129105A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "48A8EE9A-458D-4619-B04D-F01A9934DC11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "597D9674-F44D-4A31-A2F2-2790ED698A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BE122F76-ECDB-4446-825C-EF02257D8C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D0907FAF-8334-42C1-B35A-EC6ED89AC110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77979322-F060-4DD4-A6F2-B1157664C0FA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423."
    },
    {
      "lang": "es",
      "value": "Cisco Unified Communications Manager (tambi\u00e9n conocido como CUCM, antiguamente como CallManager) v5.x anterior a v5.1(3g), v6.x anterior a v6.1(4), v7.0.x anterior a v7.0(2a)su1 y v7.1.x anterior a v7.1(2) permite a usuarios remotos provocar una denegaci\u00f3n del servicio (reinicio del servicio) a trav\u00e9s de mensajes SIP malformados. Tambi\u00e9n conocido como Bug ID CSCsz95423."
    }
  ],
  "evaluatorComment": "An unauthenticated, remote attacker could exploit this vulnerability to cause the affected application to fail, resulting in a DoS condition.\r\n",
  "id": "CVE-2009-2864",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-09-28T19:30:01.360",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://osvdb.org/58344"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36836"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Patch"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8118.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/36496"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id?1022931"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2757"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53447"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/58344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8118.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36496"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2757"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53447"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2008-3800

Vulnerability from fkie_nvd - Published: 2008-09-26 16:21 - Updated: 2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802.
References
psirt@cisco.comhttp://secunia.com/advisories/31990Third Party Advisory
psirt@cisco.comhttp://secunia.com/advisories/32013Third Party Advisory
psirt@cisco.comhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtmlVendor Advisory
psirt@cisco.comhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtmlVendor Advisory
psirt@cisco.comhttp://www.securityfocus.com/bid/31367Third Party Advisory, VDB Entry
psirt@cisco.comhttp://www.securitytracker.com/id?1020939Broken Link, Third Party Advisory, VDB Entry
psirt@cisco.comhttp://www.securitytracker.com/id?1020942Broken Link, Third Party Advisory, VDB Entry
psirt@cisco.comhttp://www.vupen.com/english/advisories/2008/2670Permissions Required
psirt@cisco.comhttp://www.vupen.com/english/advisories/2008/2671Permissions Required
psirt@cisco.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31990Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32013Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31367Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020939Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020942Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2670Permissions Required
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2671Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086Broken Link
Impacted products
Vendor Product Version
cisco unified_callmanager 4.1
cisco unified_callmanager 4.2
cisco unified_callmanager 4.3
cisco unified_communications_manager 4.1
cisco unified_communications_manager 5.0
cisco unified_communications_manager 5.1
cisco unified_communications_manager 6.1
cisco ios 12.2
cisco ios 12.3
cisco ios 12.4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC772518-51CC-4692-BEB2-2C9C2A215F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A5E0999-9FB7-4255-A8CF-5D74E70FD56A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "50BA656D-4103-4BE7-9C8A-BDC9580B7E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E29A61E-334B-4F95-9B47-8F53A4DB3EB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2AF68FA-433F-46F2-B309-B60A108BECFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "640BFEE2-B364-411E-B641-7471B88ED7CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BC6EF34-D23D-45CA-A907-A47993CC061E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4BC49F2-3DCB-45F0-9030-13F6415EE178",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0668C45B-9D25-424B-B876-C1721BFFE5DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D4D8C72-E7BB-40BF-9AE5-622794D63E09",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en la implementaci\u00f3n de la Session Initiation Protocol en Cisco IOS v12.2 a la v12.4 y Unified Communications Manager v4.1 a la v6.1, cuando VoIP est\u00e1 configurada, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (reinicio de proceso o de dispositivo) a trav\u00e9s de mensajes SIP v\u00e1lidos no especificados, tambi\u00e9n conocidos como \"Cisco Bug ID CSCsu38644\". Vulnerabilidad distinta de CVE-2008-3800 y CVE-2008-3802."
    }
  ],
  "id": "CVE-2008-3800",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-09-26T16:21:44.067",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31990"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/32013"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/31367"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1020939"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1020942"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2670"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2671"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/32013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/31367"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1020939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1020942"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2670"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2671"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2008-3801

Vulnerability from fkie_nvd - Published: 2008-09-26 16:21 - Updated: 2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802.
References
psirt@cisco.comhttp://secunia.com/advisories/31990Third Party Advisory
psirt@cisco.comhttp://secunia.com/advisories/32013Third Party Advisory
psirt@cisco.comhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtmlVendor Advisory
psirt@cisco.comhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtmlVendor Advisory
psirt@cisco.comhttp://www.securityfocus.com/bid/31367Third Party Advisory, VDB Entry
psirt@cisco.comhttp://www.securitytracker.com/id?1020939Broken Link, Third Party Advisory, VDB Entry
psirt@cisco.comhttp://www.securitytracker.com/id?1020942Broken Link, Third Party Advisory, VDB Entry
psirt@cisco.comhttp://www.vupen.com/english/advisories/2008/2670Permissions Required
psirt@cisco.comhttp://www.vupen.com/english/advisories/2008/2671Permissions Required
psirt@cisco.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6047Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31990Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32013Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31367Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020939Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020942Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2670Permissions Required
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2671Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6047Third Party Advisory
Impacted products
Vendor Product Version
cisco unified_callmanager 4.1
cisco unified_callmanager 4.2
cisco unified_callmanager 4.3
cisco unified_communications_manager 4.1
cisco unified_communications_manager 5.0
cisco unified_communications_manager 5.1
cisco unified_communications_manager 6.1
cisco ios 12.2
cisco ios 12.3
cisco ios 12.4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC772518-51CC-4692-BEB2-2C9C2A215F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A5E0999-9FB7-4255-A8CF-5D74E70FD56A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "50BA656D-4103-4BE7-9C8A-BDC9580B7E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E29A61E-334B-4F95-9B47-8F53A4DB3EB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2AF68FA-433F-46F2-B309-B60A108BECFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "640BFEE2-B364-411E-B641-7471B88ED7CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BC6EF34-D23D-45CA-A907-A47993CC061E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4BC49F2-3DCB-45F0-9030-13F6415EE178",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0668C45B-9D25-424B-B876-C1721BFFE5DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D4D8C72-E7BB-40BF-9AE5-622794D63E09",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en la implementaci\u00f3n de la Session Initiation Protocol en Cisco IOS v12.2 a la v12.4 y Unified Communications Manager v4.1 a la v6.1, cuando VoIP est\u00e1 configurada, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (reinicio de proceso o de dispositivo) a trav\u00e9s de mensajes SIP v\u00e1lidos no especificados. Vulnerabilidad distinta de CVE-2008-3800 y CVE-2008-3802."
    }
  ],
  "id": "CVE-2008-3801",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-09-26T16:21:44.080",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31990"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/32013"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/31367"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1020939"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1020942"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2670"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2671"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/32013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/31367"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1020939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1020942"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2670"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2671"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6047"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2008-1744

Vulnerability from fkie_nvd - Published: 2008-05-16 12:54 - Updated: 2025-04-09 00:30
Severity ?
Summary
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770.
References
psirt@cisco.comhttp://secunia.com/advisories/30238
psirt@cisco.comhttp://securitytracker.com/id?1020022
psirt@cisco.comhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml
psirt@cisco.comhttp://www.securityfocus.com/bid/29221
psirt@cisco.comhttp://www.vupen.com/english/advisories/2008/1533
psirt@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/42415
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30238
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1020022
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/29221
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1533
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/42415
Impacted products
Vendor Product Version
cisco unified_callmanager 4.1
cisco unified_callmanager 4.1_3_sr4
cisco unified_callmanager 4.1_3_sr5
cisco unified_callmanager 4.1_3_sr5b
cisco unified_callmanager 4.1_3_sr5c
cisco unified_communications_manager 4.2_3_sr2
cisco unified_communications_manager 4.2_3_sr2b
cisco unified_communications_manager 4.2_3_sr3
cisco unified_communications_manager 4.3
cisco unified_communications_manager 4.3_1_sr1
cisco unified_communications_manager 5.1_1
cisco unified_communications_manager 5.1_2
cisco unified_communications_manager 5.1_2a
cisco unified_communications_manager 5.1_2b
cisco unified_communications_manager 5.1_3a
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.0_1
cisco unified_communications_manager 6.0_1a
cisco unified_communications_manager 6.1
cisco unified_communications_manager 6.1_1a
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC772518-51CC-4692-BEB2-2C9C2A215F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:4.1_3_sr4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5669BB8E-3799-46AD-9E31-96BF3F60B20D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:4.1_3_sr5:*:*:*:*:*:*:*",
              "matchCriteriaId": "236C3A89-D732-423F-9885-5B429DBDF257",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:4.1_3_sr5b:*:*:*:*:*:*:*",
              "matchCriteriaId": "88DC4709-EE11-45CF-B929-A0623F254341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:4.1_3_sr5c:*:*:*:*:*:*:*",
              "matchCriteriaId": "10A04B5A-D912-43F5-8143-21C23207F6B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2_3_sr2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ED2283C-822A-45B1-B82B-90EEB78CD372",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2_3_sr2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6A6AC6B-D3CD-4F05-A73F-61041C6DB514",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2_3_sr3:*:*:*:*:*:*:*",
              "matchCriteriaId": "939CD685-4539-421F-BC12-36E641301E8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.3_1_sr1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97DC0190-A028-489D-BF61-8A49A91C15B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1_1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2740B5E5-E8D2-491E-B174-A1A9DF812418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1_2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60D93DAA-0ED6-4DA5-B7A5-50D5567A6178",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1_2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEA1ABD3-D076-4CA6-A12D-3C3BB5080B1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1_2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "54B14EC5-4391-4698-BF6F-2726FD28D318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1_3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5F1270F-DBF6-4938-A1A0-732EE52C83E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "819AE879-5BF9-494E-8905-1E1E867EB5A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.0_1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05F443F9-B454-42B3-8464-ACEA40066DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.0_1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FBF1FDC-7096-4EE6-B9A2-0C9971F407D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BC6EF34-D23D-45CA-A907-A47993CC061E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1_1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "047E45A0-C0F0-4900-B5FB-8F0A5852732D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770."
    },
    {
      "lang": "es",
      "value": "El servicio Certificate Authority Proxy Function (CAPF) service de Cisco Unified Communications Manager (CUCM) 4.1 versiones anteriores a 4.1(3)SR7, 4.2 versiones anteriores a 4.2(3)SR4, y 4.3 versiones anteriores a 4.3(2) permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del servicio) a trav\u00e9s de tr\u00e1fico de red malformado, tambi\u00e9n conocido como Bug ID CSCsk46770."
    }
  ],
  "id": "CVE-2008-1744",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-05-16T12:54:00.000",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://secunia.com/advisories/30238"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://securitytracker.com/id?1020022"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/29221"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.vupen.com/english/advisories/2008/1533"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42415"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1020022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42415"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2008-0026

Vulnerability from fkie_nvd - Published: 2008-02-14 12:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.
References
psirt@cisco.comhttp://secunia.com/advisories/28932Vendor Advisory
psirt@cisco.comhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml
psirt@cisco.comhttp://www.securityfocus.com/bid/27775
psirt@cisco.comhttp://www.securitytracker.com/id?1019404
psirt@cisco.comhttp://www.vupen.com/english/advisories/2008/0542Vendor Advisory
psirt@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/40484
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28932Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/27775
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1019404
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0542Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/40484
Impacted products
Vendor Product Version
cisco unified_callmanager 5.0
cisco unified_callmanager 5.0\(1\)
cisco unified_callmanager 5.0\(2\)
cisco unified_callmanager 5.0\(3\)
cisco unified_callmanager 5.0\(3a\)
cisco unified_callmanager 5.0\(4\)
cisco unified_callmanager 5.0_4a
cisco unified_callmanager 5.1
cisco unified_callmanager 6.0
cisco unified_communications_manager 5.0
cisco unified_communications_manager 5.0_1
cisco unified_communications_manager 5.0_2
cisco unified_communications_manager 5.0_3
cisco unified_communications_manager 5.0_3a
cisco unified_communications_manager 5.0_4
cisco unified_communications_manager 5.0_4a
cisco unified_communications_manager 5.0_4a_su1
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.0_1
cisco unified_communications_manager 6.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37FEF567-5F92-40BB-8581-3FCF584AAA1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C5865997-F8B2-4ABB-96DF-3AE691A7CE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E9211420-9F35-4872-879A-5F7CA29C6299",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D7DD4B55-4C68-45CD-988E-D470C26E5E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(3a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "48C1B081-1FD7-4BBD-84BD-E1E5F80C74FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BC32C417-3E61-4892-9A42-C31C6D62F09D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0_4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "97694D13-B0A4-4AE4-9142-76F6B7C446C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DC17139-DB98-4C59-B29B-1B792C67EB97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D748F22-A917-4EE3-B523-13419D826EF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2AF68FA-433F-46F2-B309-B60A108BECFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.0_1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFE62DB5-943D-43B5-BD13-D74DAA122578",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.0_2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D76BC6-1A59-4D74-A7C9-8C05D96E01F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.0_3:*:*:*:*:*:*:*",
              "matchCriteriaId": "788BDB54-0970-468F-9713-14B097E1A863",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.0_3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CAE1371-F46C-4DFD-A4A4-D609E93C4740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.0_4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7AC2F39-C029-4FAB-A963-0C7F1D5A8067",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.0_4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "62781360-15FC-4E40-AEF8-BF01606A671B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.0_4a_su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "08E03DCC-4DCB-4830-943F-05F7E3BB49EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "819AE879-5BF9-494E-8905-1E1E867EB5A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.0_1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05F443F9-B454-42B3-8464-ACEA40066DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BC6EF34-D23D-45CA-A907-A47993CC061E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de la inyecci\u00f3n SQL en Cisco Unified CallManager/Communications Manager (CUCM) versiones 5.0/5.1 anteriores a 5.1(3a) y versiones 6.0/6.1 anteriores a 6.1(1a), permite a los usuarios autenticados remotos ejecutar comandos SQL arbitrarios por medio del par\u00e1metro key en las p\u00e1ginas de interfaz de (1) administrador y (2) usuario."
    }
  ],
  "id": "CVE-2008-0026",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-02-14T12:00:00.000",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28932"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/27775"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id?1019404"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0542"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40484"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019404"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0542"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40484"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2008-0027

Vulnerability from fkie_nvd - Published: 2008-01-17 03:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.
References
psirt@cisco.comhttp://dvlabs.tippingpoint.com/advisory/TPTI-08-02
psirt@cisco.comhttp://secunia.com/advisories/28530
psirt@cisco.comhttp://securityreason.com/securityalert/3551
psirt@cisco.comhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtmlPatch
psirt@cisco.comhttp://www.securityfocus.com/archive/1/486432/100/0/threaded
psirt@cisco.comhttp://www.securityfocus.com/bid/27313
psirt@cisco.comhttp://www.securitytracker.com/id?1019223
psirt@cisco.comhttp://www.vupen.com/english/advisories/2008/0171
psirt@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/39704
af854a3a-2127-422b-91ae-364da2661108http://dvlabs.tippingpoint.com/advisory/TPTI-08-02
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28530
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/3551
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtmlPatch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/486432/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/27313
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1019223
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0171
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/39704
Impacted products
Vendor Product Version
cisco unified_callmanager 4.0
cisco unified_callmanager 4.1
cisco unified_callmanager 4.1\(3\)sr4
cisco unified_callmanager 4.1\(3\)sr5
cisco unified_callmanager 4.1\(3\)sr5b
cisco unified_communications_manager 4.2
cisco unified_communications_manager 4.2.3sr2
cisco unified_communications_manager 4.2.3sr2b
cisco unified_communications_manager 4.3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF04567B-73C5-4ACC-9B31-5C3BAAB6E641",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC772518-51CC-4692-BEB2-2C9C2A215F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
              "matchCriteriaId": "20A8643E-304C-4879-8CD5-209C1016DF31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:4.1\\(3\\)sr5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA1FF9B0-3BEB-4256-8D50-11CD6EEF04BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:4.1\\(3\\)sr5b:*:*:*:*:*:*:*",
              "matchCriteriaId": "D909C0AF-F213-4371-8A35-C5720B43ED90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19432E5E-EA68-4B7A-8B99-DEBACBC3F160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en el servicio proveedor de Listas de Certificados Confiables (CTL, Certificate Trust List) (CTLProvider.exe) en Cisco Unified Communications Manager (CUCM) 4.2 anterior a 4.2(3)SR3 y 4.3 anterior a 4.3(1)SR1, y CallManager 4.0 y 4.1 anterior a 4.1(3)SR5c, permite a atacantes remotos provocar una denegaci\u00f3n de servicio o ejecutar c\u00f3digo de su elecci\u00f3n mediante una petici\u00f3n larga."
    }
  ],
  "id": "CVE-2008-0027",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-01-17T03:00:00.000",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://secunia.com/advisories/28530"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://securityreason.com/securityalert/3551"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/archive/1/486432/100/0/threaded"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/27313"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id?1019223"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.vupen.com/english/advisories/2008/0171"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39704"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486432/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019223"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39704"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2007-5538

Vulnerability from fkie_nvd - Published: 2007-10-18 00:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712.
References
cve@mitre.orghttp://osvdb.org/37940
cve@mitre.orghttp://secunia.com/advisories/27296
cve@mitre.orghttp://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml
cve@mitre.orghttp://www.securityfocus.com/bid/26105
cve@mitre.orghttp://www.securitytracker.com/id?1018828
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/3532
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/37247
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/37940
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27296
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/26105
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1018828
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3532
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/37247
Impacted products
Vendor Product Version
cisco unified_callmanager 5.0
cisco unified_communications_manager *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37FEF567-5F92-40BB-8581-3FCF584AAA1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C144784A-941D-4919-9E21-1E2AD2738A08",
              "versionEndIncluding": "5.1\\(2\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en Centralized TFTP File Locator Service de Cisco Unified Communications Manager (CUCM, antes conocido como CallManager) 5.1 anterior a 5.1(3), y Unified CallManager 5.0, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio mediante vectores no especificados que implican el procesamiento de nombres de fichero, tambi\u00e9n conocido como CSCsh47712."
    }
  ],
  "id": "CVE-2007-5538",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-18T00:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37940"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27296"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26105"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018828"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3532"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37940"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018828"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37247"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2007-5537

Vulnerability from fkie_nvd - Published: 2007-10-18 00:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822.
References
cve@mitre.orghttp://osvdb.org/37941
cve@mitre.orghttp://secunia.com/advisories/27296
cve@mitre.orghttp://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml
cve@mitre.orghttp://www.securityfocus.com/bid/26105
cve@mitre.orghttp://www.securitytracker.com/id?1018828
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/3532
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/37246
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/37941
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27296
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/26105
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1018828
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3532
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/37246
Impacted products
Vendor Product Version
cisco unified_callmanager 5.0
cisco unified_communications_manager *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37FEF567-5F92-40BB-8581-3FCF584AAA1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C144784A-941D-4919-9E21-1E2AD2738A08",
              "versionEndIncluding": "5.1\\(2\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822."
    },
    {
      "lang": "es",
      "value": "Cisco Unified communications Manager (CUCM, anteriormente CallManager) 5.1 anterior a 5.1(2), y Unified CallManager 5.0, permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (kernel panic) mediante una inundaci\u00f3n de mensajes SIP INVITE al puerto UDP 5060, lo cual dispara un agotamiento de recursos, tambi\u00e9n conocida como, CSCsi75822."
    }
  ],
  "id": "CVE-2007-5537",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-18T00:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37941"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27296"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26105"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018828"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3532"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37941"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018828"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2006-5278

Vulnerability from fkie_nvd - Published: 2007-07-15 22:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.
References
cve@mitre.orghttp://secunia.com/advisories/26043Third Party Advisory
cve@mitre.orghttp://securitytracker.com/id?1018369Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtmlPatch, Vendor Advisory
cve@mitre.orghttp://www.iss.net/threats/271.htmlBroken Link
cve@mitre.orghttp://www.osvdb.org/36121Broken Link
cve@mitre.orghttp://www.securityfocus.com/bid/24868Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/2512Permissions Required, Third Party Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/19057Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26043Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1018369Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/threats/271.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/36121Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/24868Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2512Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/19057Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
cisco unified_callmanager *
cisco unified_callmanager *
cisco unified_callmanager *
cisco unified_callmanager *
cisco unified_callmanager 5.0
cisco unified_communications_manager *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7454C447-FE60-4DAE-8241-A9416A7206A6",
              "versionEndIncluding": "3.3\\(5\\)sr2",
              "versionStartIncluding": "3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C88AFF-AC92-4CCF-869F-14E7DB9CF1C3",
              "versionEndIncluding": "4.1\\(3\\)sr4",
              "versionStartIncluding": "4.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FB2FA97-9DDA-49D9-A931-D3AD130018E4",
              "versionEndIncluding": "4.2\\(3\\)sr1",
              "versionStartIncluding": "4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "487FC0BB-ACBE-479B-B7A7-33059EF3D59B",
              "versionEndIncluding": "5.1\\(2\\)",
              "versionStartIncluding": "5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37FEF567-5F92-40BB-8581-3FCF584AAA1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FC80E93-195E-47EB-9D96-7CA5BCF1F73B",
              "versionEndIncluding": "4.3\\(1\\)",
              "versionStartIncluding": "4.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en Real-Time Information Server (RIS) Data Collector service (RisDC.exe) de Cisco Unified Communications Manager (CUCM, anteriormente denominado CallManager) versiones anteriores a 20070711 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante paquetes manipulados, resultando en un desbordamiento de b\u00fafer basado en mont\u00edculo."
    }
  ],
  "id": "CVE-2006-5278",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-07-15T22:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/26043"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1018369"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.iss.net/threats/271.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/36121"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/24868"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2512"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/26043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1018369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.iss.net/threats/271.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/36121"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/24868"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19057"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2015-0680 (GCVE-0-2015-0680)

Vulnerability from cvelistv5 – Published: 2015-03-28 01:00 – Updated: 2024-08-06 04:17
VLAI?
Summary
Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://tools.cisco.com/security/center/viewAlert.… vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id/1031991 vdb-entryx_refsource_SECTRACK
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:17:32.634Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20150327 Cisco Unified Call Manager Arbitrary File Retrieval Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38079"
          },
          {
            "name": "1031991",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031991"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-04-01T13:57:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20150327 Cisco Unified Call Manager Arbitrary File Retrieval Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38079"
        },
        {
          "name": "1031991",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031991"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-0680",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150327 Cisco Unified Call Manager Arbitrary File Retrieval Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38079"
            },
            {
              "name": "1031991",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031991"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-0680",
    "datePublished": "2015-03-28T01:00:00",
    "dateReserved": "2015-01-07T00:00:00",
    "dateUpdated": "2024-08-06T04:17:32.634Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-2864 (GCVE-0-2009-2864)

Vulnerability from cvelistv5 – Published: 2009-09-28 18:20 – Updated: 2024-08-07 06:07
VLAI?
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://osvdb.org/58344 vdb-entryx_refsource_OSVDB
http://tools.cisco.com/security/center/viewAlert.… x_refsource_CONFIRM
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id?1022931 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/36836 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/2757 vdb-entryx_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/36496 vdb-entryx_refsource_BID
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:07:36.537Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "58344",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/58344"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883"
          },
          {
            "name": "20090923 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8118.shtml"
          },
          {
            "name": "1022931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022931"
          },
          {
            "name": "36836",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36836"
          },
          {
            "name": "ADV-2009-2757",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2757"
          },
          {
            "name": "cisco-ucm-sip-dos(53447)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53447"
          },
          {
            "name": "36496",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36496"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-09-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "58344",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/58344"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883"
        },
        {
          "name": "20090923 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8118.shtml"
        },
        {
          "name": "1022931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022931"
        },
        {
          "name": "36836",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36836"
        },
        {
          "name": "ADV-2009-2757",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2757"
        },
        {
          "name": "cisco-ucm-sip-dos(53447)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53447"
        },
        {
          "name": "36496",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36496"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2009-2864",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "58344",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/58344"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883"
            },
            {
              "name": "20090923 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8118.shtml"
            },
            {
              "name": "1022931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022931"
            },
            {
              "name": "36836",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36836"
            },
            {
              "name": "ADV-2009-2757",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2757"
            },
            {
              "name": "cisco-ucm-sip-dos(53447)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53447"
            },
            {
              "name": "36496",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36496"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2009-2864",
    "datePublished": "2009-09-28T18:20:00",
    "dateReserved": "2009-08-19T00:00:00",
    "dateUpdated": "2024-08-07T06:07:36.537Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-3801 (GCVE-0-2008-3801)

Vulnerability from cvelistv5 – Published: 2008-09-26 16:00 – Updated: 2024-08-07 09:52
VLAI?
Summary
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/31990 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/31367 vdb-entryx_refsource_BID
http://secunia.com/advisories/32013 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/2670 vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/2671 vdb-entryx_refsource_VUPEN
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id?1020942 vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id?1020939 vdb-entryx_refsource_SECTRACK
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:52:59.636Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "31990",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31990"
          },
          {
            "name": "31367",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31367"
          },
          {
            "name": "32013",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32013"
          },
          {
            "name": "ADV-2008-2670",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2670"
          },
          {
            "name": "ADV-2008-2671",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2671"
          },
          {
            "name": "oval:org.mitre.oval:def:6047",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6047"
          },
          {
            "name": "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml"
          },
          {
            "name": "1020942",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020942"
          },
          {
            "name": "1020939",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020939"
          },
          {
            "name": "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "31990",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31990"
        },
        {
          "name": "31367",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31367"
        },
        {
          "name": "32013",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32013"
        },
        {
          "name": "ADV-2008-2670",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2670"
        },
        {
          "name": "ADV-2008-2671",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2671"
        },
        {
          "name": "oval:org.mitre.oval:def:6047",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6047"
        },
        {
          "name": "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml"
        },
        {
          "name": "1020942",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020942"
        },
        {
          "name": "1020939",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020939"
        },
        {
          "name": "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2008-3801",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "31990",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31990"
            },
            {
              "name": "31367",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31367"
            },
            {
              "name": "32013",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32013"
            },
            {
              "name": "ADV-2008-2670",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2670"
            },
            {
              "name": "ADV-2008-2671",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2671"
            },
            {
              "name": "oval:org.mitre.oval:def:6047",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6047"
            },
            {
              "name": "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml"
            },
            {
              "name": "1020942",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020942"
            },
            {
              "name": "1020939",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020939"
            },
            {
              "name": "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2008-3801",
    "datePublished": "2008-09-26T16:00:00",
    "dateReserved": "2008-08-27T00:00:00",
    "dateUpdated": "2024-08-07T09:52:59.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-3800 (GCVE-0-2008-3800)

Vulnerability from cvelistv5 – Published: 2008-09-26 16:00 – Updated: 2024-08-07 09:53
VLAI?
Summary
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/31990 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/31367 vdb-entryx_refsource_BID
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://secunia.com/advisories/32013 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/2670 vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/2671 vdb-entryx_refsource_VUPEN
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id?1020942 vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id?1020939 vdb-entryx_refsource_SECTRACK
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:53:00.234Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "31990",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31990"
          },
          {
            "name": "31367",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31367"
          },
          {
            "name": "oval:org.mitre.oval:def:6086",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086"
          },
          {
            "name": "32013",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32013"
          },
          {
            "name": "ADV-2008-2670",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2670"
          },
          {
            "name": "ADV-2008-2671",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2671"
          },
          {
            "name": "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml"
          },
          {
            "name": "1020942",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020942"
          },
          {
            "name": "1020939",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020939"
          },
          {
            "name": "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "31990",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31990"
        },
        {
          "name": "31367",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31367"
        },
        {
          "name": "oval:org.mitre.oval:def:6086",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086"
        },
        {
          "name": "32013",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32013"
        },
        {
          "name": "ADV-2008-2670",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2670"
        },
        {
          "name": "ADV-2008-2671",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2671"
        },
        {
          "name": "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml"
        },
        {
          "name": "1020942",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020942"
        },
        {
          "name": "1020939",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020939"
        },
        {
          "name": "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2008-3800",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "31990",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31990"
            },
            {
              "name": "31367",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31367"
            },
            {
              "name": "oval:org.mitre.oval:def:6086",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086"
            },
            {
              "name": "32013",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32013"
            },
            {
              "name": "ADV-2008-2670",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2670"
            },
            {
              "name": "ADV-2008-2671",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2671"
            },
            {
              "name": "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml"
            },
            {
              "name": "1020942",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020942"
            },
            {
              "name": "1020939",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020939"
            },
            {
              "name": "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2008-3800",
    "datePublished": "2008-09-26T16:00:00",
    "dateReserved": "2008-08-27T00:00:00",
    "dateUpdated": "2024-08-07T09:53:00.234Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-1744 (GCVE-0-2008-1744)

Vulnerability from cvelistv5 – Published: 2008-05-16 06:54 – Updated: 2024-08-07 08:32
VLAI?
Summary
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://www.vupen.com/english/advisories/2008/1533 vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/bid/29221 vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://secunia.com/advisories/30238 third-party-advisoryx_refsource_SECUNIA
http://securitytracker.com/id?1020022 vdb-entryx_refsource_SECTRACK
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:32:01.350Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml"
          },
          {
            "name": "ADV-2008-1533",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1533"
          },
          {
            "name": "29221",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29221"
          },
          {
            "name": "cucm-capf-dos(42415)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42415"
          },
          {
            "name": "30238",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30238"
          },
          {
            "name": "1020022",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1020022"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml"
        },
        {
          "name": "ADV-2008-1533",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1533"
        },
        {
          "name": "29221",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29221"
        },
        {
          "name": "cucm-capf-dos(42415)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42415"
        },
        {
          "name": "30238",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30238"
        },
        {
          "name": "1020022",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1020022"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2008-1744",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml"
            },
            {
              "name": "ADV-2008-1533",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1533"
            },
            {
              "name": "29221",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29221"
            },
            {
              "name": "cucm-capf-dos(42415)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42415"
            },
            {
              "name": "30238",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30238"
            },
            {
              "name": "1020022",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1020022"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2008-1744",
    "datePublished": "2008-05-16T06:54:00",
    "dateReserved": "2008-04-11T00:00:00",
    "dateUpdated": "2024-08-07T08:32:01.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-0026 (GCVE-0-2008-0026)

Vulnerability from cvelistv5 – Published: 2008-02-14 11:00 – Updated: 2024-08-07 07:32
VLAI?
Summary
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/27775 vdb-entryx_refsource_BID
http://secunia.com/advisories/28932 third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id?1019404 vdb-entryx_refsource_SECTRACK
http://www.vupen.com/english/advisories/2008/0542 vdb-entryx_refsource_VUPEN
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:32:24.039Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "27775",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27775"
          },
          {
            "name": "28932",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28932"
          },
          {
            "name": "cucm-interface-sql-injection(40484)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40484"
          },
          {
            "name": "20080213 SQL injection in Cisco Unified Communications Manager",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml"
          },
          {
            "name": "1019404",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019404"
          },
          {
            "name": "ADV-2008-0542",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0542"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "27775",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27775"
        },
        {
          "name": "28932",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28932"
        },
        {
          "name": "cucm-interface-sql-injection(40484)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40484"
        },
        {
          "name": "20080213 SQL injection in Cisco Unified Communications Manager",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml"
        },
        {
          "name": "1019404",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019404"
        },
        {
          "name": "ADV-2008-0542",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0542"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2008-0026",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "27775",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27775"
            },
            {
              "name": "28932",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28932"
            },
            {
              "name": "cucm-interface-sql-injection(40484)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40484"
            },
            {
              "name": "20080213 SQL injection in Cisco Unified Communications Manager",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml"
            },
            {
              "name": "1019404",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019404"
            },
            {
              "name": "ADV-2008-0542",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0542"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2008-0026",
    "datePublished": "2008-02-14T11:00:00",
    "dateReserved": "2007-12-17T00:00:00",
    "dateUpdated": "2024-08-07T07:32:24.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-0027 (GCVE-0-2008-0027)

Vulnerability from cvelistv5 – Published: 2008-01-17 02:00 – Updated: 2024-08-07 07:32
VLAI?
Summary
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/archive/1/486432/100… mailing-listx_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2008/0171 vdb-entryx_refsource_VUPEN
http://securityreason.com/securityalert/3551 third-party-advisoryx_refsource_SREASON
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://dvlabs.tippingpoint.com/advisory/TPTI-08-02 x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.securitytracker.com/id?1019223 vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/27313 vdb-entryx_refsource_BID
http://secunia.com/advisories/28530 third-party-advisoryx_refsource_SECUNIA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:32:23.600Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20080116 TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486432/100/0/threaded"
          },
          {
            "name": "ADV-2008-0171",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0171"
          },
          {
            "name": "3551",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3551"
          },
          {
            "name": "20080116 Cisco Unified Communications Manager CTL Provider Heap Overflow",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02"
          },
          {
            "name": "cisco-cucm-ctl-bo(39704)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39704"
          },
          {
            "name": "1019223",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019223"
          },
          {
            "name": "27313",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27313"
          },
          {
            "name": "28530",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28530"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20080116 TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486432/100/0/threaded"
        },
        {
          "name": "ADV-2008-0171",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0171"
        },
        {
          "name": "3551",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3551"
        },
        {
          "name": "20080116 Cisco Unified Communications Manager CTL Provider Heap Overflow",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02"
        },
        {
          "name": "cisco-cucm-ctl-bo(39704)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39704"
        },
        {
          "name": "1019223",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019223"
        },
        {
          "name": "27313",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27313"
        },
        {
          "name": "28530",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28530"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2008-0027",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080116 TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486432/100/0/threaded"
            },
            {
              "name": "ADV-2008-0171",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0171"
            },
            {
              "name": "3551",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3551"
            },
            {
              "name": "20080116 Cisco Unified Communications Manager CTL Provider Heap Overflow",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml"
            },
            {
              "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02",
              "refsource": "MISC",
              "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02"
            },
            {
              "name": "cisco-cucm-ctl-bo(39704)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39704"
            },
            {
              "name": "1019223",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019223"
            },
            {
              "name": "27313",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27313"
            },
            {
              "name": "28530",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28530"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2008-0027",
    "datePublished": "2008-01-17T02:00:00",
    "dateReserved": "2007-12-17T00:00:00",
    "dateUpdated": "2024-08-07T07:32:23.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-5537 (GCVE-0-2007-5537)

Vulnerability from cvelistv5 – Published: 2007-10-18 00:00 – Updated: 2024-08-07 15:31
VLAI?
Summary
Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/26105 vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.vupen.com/english/advisories/2007/3532 vdb-entryx_refsource_VUPEN
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://osvdb.org/37941 vdb-entryx_refsource_OSVDB
http://www.securitytracker.com/id?1018828 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/27296 third-party-advisoryx_refsource_SECUNIA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:31:59.077Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "26105",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26105"
          },
          {
            "name": "cucm-sip-invite-dos(37246)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246"
          },
          {
            "name": "ADV-2007-3532",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3532"
          },
          {
            "name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
          },
          {
            "name": "37941",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37941"
          },
          {
            "name": "1018828",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018828"
          },
          {
            "name": "27296",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27296"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "26105",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26105"
        },
        {
          "name": "cucm-sip-invite-dos(37246)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246"
        },
        {
          "name": "ADV-2007-3532",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3532"
        },
        {
          "name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
        },
        {
          "name": "37941",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37941"
        },
        {
          "name": "1018828",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018828"
        },
        {
          "name": "27296",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27296"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5537",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "26105",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26105"
            },
            {
              "name": "cucm-sip-invite-dos(37246)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246"
            },
            {
              "name": "ADV-2007-3532",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3532"
            },
            {
              "name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
            },
            {
              "name": "37941",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37941"
            },
            {
              "name": "1018828",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018828"
            },
            {
              "name": "27296",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27296"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5537",
    "datePublished": "2007-10-18T00:00:00",
    "dateReserved": "2007-10-17T00:00:00",
    "dateUpdated": "2024-08-07T15:31:59.077Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-5538 (GCVE-0-2007-5538)

Vulnerability from cvelistv5 – Published: 2007-10-18 00:00 – Updated: 2024-08-07 15:31
VLAI?
Summary
Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/26105 vdb-entryx_refsource_BID
http://osvdb.org/37940 vdb-entryx_refsource_OSVDB
http://www.vupen.com/english/advisories/2007/3532 vdb-entryx_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id?1018828 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/27296 third-party-advisoryx_refsource_SECUNIA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:31:59.183Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "26105",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26105"
          },
          {
            "name": "37940",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37940"
          },
          {
            "name": "ADV-2007-3532",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3532"
          },
          {
            "name": "cucm-tftp-filename-bo(37247)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37247"
          },
          {
            "name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
          },
          {
            "name": "1018828",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018828"
          },
          {
            "name": "27296",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27296"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "26105",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26105"
        },
        {
          "name": "37940",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37940"
        },
        {
          "name": "ADV-2007-3532",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3532"
        },
        {
          "name": "cucm-tftp-filename-bo(37247)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37247"
        },
        {
          "name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
        },
        {
          "name": "1018828",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018828"
        },
        {
          "name": "27296",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27296"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5538",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "26105",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26105"
            },
            {
              "name": "37940",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37940"
            },
            {
              "name": "ADV-2007-3532",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3532"
            },
            {
              "name": "cucm-tftp-filename-bo(37247)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37247"
            },
            {
              "name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
            },
            {
              "name": "1018828",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018828"
            },
            {
              "name": "27296",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27296"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5538",
    "datePublished": "2007-10-18T00:00:00",
    "dateReserved": "2007-10-17T00:00:00",
    "dateUpdated": "2024-08-07T15:31:59.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-5278 (GCVE-0-2006-5278)

Vulnerability from cvelistv5 – Published: 2007-07-15 22:00 – Updated: 2024-08-07 19:48
VLAI?
Summary
Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.iss.net/threats/271.html third-party-advisoryx_refsource_ISS
http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
http://www.vupen.com/english/advisories/2007/2512 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/26043 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/24868 vdb-entryx_refsource_BID
http://securitytracker.com/id?1018369 vdb-entryx_refsource_SECTRACK
http://www.osvdb.org/36121 vdb-entryx_refsource_OSVDB
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:48:28.521Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "negative-integer-bo(19057)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19057"
          },
          {
            "name": "20070711 Cisco Call Manager RisDC.exe Remote Code Execution",
            "tags": [
              "third-party-advisory",
              "x_refsource_ISS",
              "x_transferred"
            ],
            "url": "http://www.iss.net/threats/271.html"
          },
          {
            "name": "20070711 Cisco Unified Communications Manager Overflow Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml"
          },
          {
            "name": "ADV-2007-2512",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2512"
          },
          {
            "name": "26043",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26043"
          },
          {
            "name": "24868",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24868"
          },
          {
            "name": "1018369",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018369"
          },
          {
            "name": "36121",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/36121"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "negative-integer-bo(19057)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19057"
        },
        {
          "name": "20070711 Cisco Call Manager RisDC.exe Remote Code Execution",
          "tags": [
            "third-party-advisory",
            "x_refsource_ISS"
          ],
          "url": "http://www.iss.net/threats/271.html"
        },
        {
          "name": "20070711 Cisco Unified Communications Manager Overflow Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml"
        },
        {
          "name": "ADV-2007-2512",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2512"
        },
        {
          "name": "26043",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26043"
        },
        {
          "name": "24868",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24868"
        },
        {
          "name": "1018369",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018369"
        },
        {
          "name": "36121",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/36121"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5278",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "negative-integer-bo(19057)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19057"
            },
            {
              "name": "20070711 Cisco Call Manager RisDC.exe Remote Code Execution",
              "refsource": "ISS",
              "url": "http://www.iss.net/threats/271.html"
            },
            {
              "name": "20070711 Cisco Unified Communications Manager Overflow Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml"
            },
            {
              "name": "ADV-2007-2512",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2512"
            },
            {
              "name": "26043",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26043"
            },
            {
              "name": "24868",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24868"
            },
            {
              "name": "1018369",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018369"
            },
            {
              "name": "36121",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/36121"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5278",
    "datePublished": "2007-07-15T22:00:00",
    "dateReserved": "2006-10-13T00:00:00",
    "dateUpdated": "2024-08-07T19:48:28.521Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0680 (GCVE-0-2015-0680)

Vulnerability from nvd – Published: 2015-03-28 01:00 – Updated: 2024-08-06 04:17
VLAI?
Summary
Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://tools.cisco.com/security/center/viewAlert.… vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id/1031991 vdb-entryx_refsource_SECTRACK
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:17:32.634Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20150327 Cisco Unified Call Manager Arbitrary File Retrieval Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38079"
          },
          {
            "name": "1031991",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031991"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-04-01T13:57:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20150327 Cisco Unified Call Manager Arbitrary File Retrieval Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38079"
        },
        {
          "name": "1031991",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031991"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-0680",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150327 Cisco Unified Call Manager Arbitrary File Retrieval Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38079"
            },
            {
              "name": "1031991",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031991"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-0680",
    "datePublished": "2015-03-28T01:00:00",
    "dateReserved": "2015-01-07T00:00:00",
    "dateUpdated": "2024-08-06T04:17:32.634Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-2864 (GCVE-0-2009-2864)

Vulnerability from nvd – Published: 2009-09-28 18:20 – Updated: 2024-08-07 06:07
VLAI?
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://osvdb.org/58344 vdb-entryx_refsource_OSVDB
http://tools.cisco.com/security/center/viewAlert.… x_refsource_CONFIRM
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id?1022931 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/36836 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/2757 vdb-entryx_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/36496 vdb-entryx_refsource_BID
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:07:36.537Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "58344",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/58344"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883"
          },
          {
            "name": "20090923 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8118.shtml"
          },
          {
            "name": "1022931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022931"
          },
          {
            "name": "36836",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36836"
          },
          {
            "name": "ADV-2009-2757",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2757"
          },
          {
            "name": "cisco-ucm-sip-dos(53447)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53447"
          },
          {
            "name": "36496",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36496"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-09-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "58344",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/58344"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883"
        },
        {
          "name": "20090923 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8118.shtml"
        },
        {
          "name": "1022931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022931"
        },
        {
          "name": "36836",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36836"
        },
        {
          "name": "ADV-2009-2757",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2757"
        },
        {
          "name": "cisco-ucm-sip-dos(53447)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53447"
        },
        {
          "name": "36496",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36496"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2009-2864",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "58344",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/58344"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883"
            },
            {
              "name": "20090923 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8118.shtml"
            },
            {
              "name": "1022931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022931"
            },
            {
              "name": "36836",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36836"
            },
            {
              "name": "ADV-2009-2757",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2757"
            },
            {
              "name": "cisco-ucm-sip-dos(53447)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53447"
            },
            {
              "name": "36496",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36496"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2009-2864",
    "datePublished": "2009-09-28T18:20:00",
    "dateReserved": "2009-08-19T00:00:00",
    "dateUpdated": "2024-08-07T06:07:36.537Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-3801 (GCVE-0-2008-3801)

Vulnerability from nvd – Published: 2008-09-26 16:00 – Updated: 2024-08-07 09:52
VLAI?
Summary
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/31990 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/31367 vdb-entryx_refsource_BID
http://secunia.com/advisories/32013 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/2670 vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/2671 vdb-entryx_refsource_VUPEN
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id?1020942 vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id?1020939 vdb-entryx_refsource_SECTRACK
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:52:59.636Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "31990",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31990"
          },
          {
            "name": "31367",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31367"
          },
          {
            "name": "32013",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32013"
          },
          {
            "name": "ADV-2008-2670",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2670"
          },
          {
            "name": "ADV-2008-2671",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2671"
          },
          {
            "name": "oval:org.mitre.oval:def:6047",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6047"
          },
          {
            "name": "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml"
          },
          {
            "name": "1020942",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020942"
          },
          {
            "name": "1020939",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020939"
          },
          {
            "name": "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "31990",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31990"
        },
        {
          "name": "31367",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31367"
        },
        {
          "name": "32013",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32013"
        },
        {
          "name": "ADV-2008-2670",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2670"
        },
        {
          "name": "ADV-2008-2671",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2671"
        },
        {
          "name": "oval:org.mitre.oval:def:6047",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6047"
        },
        {
          "name": "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml"
        },
        {
          "name": "1020942",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020942"
        },
        {
          "name": "1020939",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020939"
        },
        {
          "name": "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2008-3801",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "31990",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31990"
            },
            {
              "name": "31367",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31367"
            },
            {
              "name": "32013",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32013"
            },
            {
              "name": "ADV-2008-2670",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2670"
            },
            {
              "name": "ADV-2008-2671",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2671"
            },
            {
              "name": "oval:org.mitre.oval:def:6047",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6047"
            },
            {
              "name": "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml"
            },
            {
              "name": "1020942",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020942"
            },
            {
              "name": "1020939",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020939"
            },
            {
              "name": "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2008-3801",
    "datePublished": "2008-09-26T16:00:00",
    "dateReserved": "2008-08-27T00:00:00",
    "dateUpdated": "2024-08-07T09:52:59.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-3800 (GCVE-0-2008-3800)

Vulnerability from nvd – Published: 2008-09-26 16:00 – Updated: 2024-08-07 09:53
VLAI?
Summary
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/31990 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/31367 vdb-entryx_refsource_BID
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://secunia.com/advisories/32013 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/2670 vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/2671 vdb-entryx_refsource_VUPEN
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id?1020942 vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id?1020939 vdb-entryx_refsource_SECTRACK
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:53:00.234Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "31990",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31990"
          },
          {
            "name": "31367",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31367"
          },
          {
            "name": "oval:org.mitre.oval:def:6086",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086"
          },
          {
            "name": "32013",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32013"
          },
          {
            "name": "ADV-2008-2670",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2670"
          },
          {
            "name": "ADV-2008-2671",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2671"
          },
          {
            "name": "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml"
          },
          {
            "name": "1020942",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020942"
          },
          {
            "name": "1020939",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020939"
          },
          {
            "name": "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "31990",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31990"
        },
        {
          "name": "31367",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31367"
        },
        {
          "name": "oval:org.mitre.oval:def:6086",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086"
        },
        {
          "name": "32013",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32013"
        },
        {
          "name": "ADV-2008-2670",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2670"
        },
        {
          "name": "ADV-2008-2671",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2671"
        },
        {
          "name": "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml"
        },
        {
          "name": "1020942",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020942"
        },
        {
          "name": "1020939",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020939"
        },
        {
          "name": "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2008-3800",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "31990",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31990"
            },
            {
              "name": "31367",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31367"
            },
            {
              "name": "oval:org.mitre.oval:def:6086",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086"
            },
            {
              "name": "32013",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32013"
            },
            {
              "name": "ADV-2008-2670",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2670"
            },
            {
              "name": "ADV-2008-2671",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2671"
            },
            {
              "name": "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml"
            },
            {
              "name": "1020942",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020942"
            },
            {
              "name": "1020939",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020939"
            },
            {
              "name": "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2008-3800",
    "datePublished": "2008-09-26T16:00:00",
    "dateReserved": "2008-08-27T00:00:00",
    "dateUpdated": "2024-08-07T09:53:00.234Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-1744 (GCVE-0-2008-1744)

Vulnerability from nvd – Published: 2008-05-16 06:54 – Updated: 2024-08-07 08:32
VLAI?
Summary
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://www.vupen.com/english/advisories/2008/1533 vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/bid/29221 vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://secunia.com/advisories/30238 third-party-advisoryx_refsource_SECUNIA
http://securitytracker.com/id?1020022 vdb-entryx_refsource_SECTRACK
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:32:01.350Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml"
          },
          {
            "name": "ADV-2008-1533",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1533"
          },
          {
            "name": "29221",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29221"
          },
          {
            "name": "cucm-capf-dos(42415)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42415"
          },
          {
            "name": "30238",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30238"
          },
          {
            "name": "1020022",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1020022"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml"
        },
        {
          "name": "ADV-2008-1533",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1533"
        },
        {
          "name": "29221",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29221"
        },
        {
          "name": "cucm-capf-dos(42415)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42415"
        },
        {
          "name": "30238",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30238"
        },
        {
          "name": "1020022",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1020022"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2008-1744",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml"
            },
            {
              "name": "ADV-2008-1533",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1533"
            },
            {
              "name": "29221",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29221"
            },
            {
              "name": "cucm-capf-dos(42415)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42415"
            },
            {
              "name": "30238",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30238"
            },
            {
              "name": "1020022",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1020022"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2008-1744",
    "datePublished": "2008-05-16T06:54:00",
    "dateReserved": "2008-04-11T00:00:00",
    "dateUpdated": "2024-08-07T08:32:01.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-0026 (GCVE-0-2008-0026)

Vulnerability from nvd – Published: 2008-02-14 11:00 – Updated: 2024-08-07 07:32
VLAI?
Summary
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/27775 vdb-entryx_refsource_BID
http://secunia.com/advisories/28932 third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id?1019404 vdb-entryx_refsource_SECTRACK
http://www.vupen.com/english/advisories/2008/0542 vdb-entryx_refsource_VUPEN
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:32:24.039Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "27775",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27775"
          },
          {
            "name": "28932",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28932"
          },
          {
            "name": "cucm-interface-sql-injection(40484)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40484"
          },
          {
            "name": "20080213 SQL injection in Cisco Unified Communications Manager",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml"
          },
          {
            "name": "1019404",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019404"
          },
          {
            "name": "ADV-2008-0542",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0542"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "27775",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27775"
        },
        {
          "name": "28932",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28932"
        },
        {
          "name": "cucm-interface-sql-injection(40484)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40484"
        },
        {
          "name": "20080213 SQL injection in Cisco Unified Communications Manager",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml"
        },
        {
          "name": "1019404",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019404"
        },
        {
          "name": "ADV-2008-0542",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0542"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2008-0026",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "27775",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27775"
            },
            {
              "name": "28932",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28932"
            },
            {
              "name": "cucm-interface-sql-injection(40484)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40484"
            },
            {
              "name": "20080213 SQL injection in Cisco Unified Communications Manager",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml"
            },
            {
              "name": "1019404",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019404"
            },
            {
              "name": "ADV-2008-0542",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0542"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2008-0026",
    "datePublished": "2008-02-14T11:00:00",
    "dateReserved": "2007-12-17T00:00:00",
    "dateUpdated": "2024-08-07T07:32:24.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-0027 (GCVE-0-2008-0027)

Vulnerability from nvd – Published: 2008-01-17 02:00 – Updated: 2024-08-07 07:32
VLAI?
Summary
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/archive/1/486432/100… mailing-listx_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2008/0171 vdb-entryx_refsource_VUPEN
http://securityreason.com/securityalert/3551 third-party-advisoryx_refsource_SREASON
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://dvlabs.tippingpoint.com/advisory/TPTI-08-02 x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.securitytracker.com/id?1019223 vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/27313 vdb-entryx_refsource_BID
http://secunia.com/advisories/28530 third-party-advisoryx_refsource_SECUNIA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:32:23.600Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20080116 TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486432/100/0/threaded"
          },
          {
            "name": "ADV-2008-0171",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0171"
          },
          {
            "name": "3551",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3551"
          },
          {
            "name": "20080116 Cisco Unified Communications Manager CTL Provider Heap Overflow",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02"
          },
          {
            "name": "cisco-cucm-ctl-bo(39704)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39704"
          },
          {
            "name": "1019223",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019223"
          },
          {
            "name": "27313",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27313"
          },
          {
            "name": "28530",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28530"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20080116 TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486432/100/0/threaded"
        },
        {
          "name": "ADV-2008-0171",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0171"
        },
        {
          "name": "3551",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3551"
        },
        {
          "name": "20080116 Cisco Unified Communications Manager CTL Provider Heap Overflow",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02"
        },
        {
          "name": "cisco-cucm-ctl-bo(39704)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39704"
        },
        {
          "name": "1019223",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019223"
        },
        {
          "name": "27313",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27313"
        },
        {
          "name": "28530",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28530"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2008-0027",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080116 TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486432/100/0/threaded"
            },
            {
              "name": "ADV-2008-0171",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0171"
            },
            {
              "name": "3551",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3551"
            },
            {
              "name": "20080116 Cisco Unified Communications Manager CTL Provider Heap Overflow",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml"
            },
            {
              "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02",
              "refsource": "MISC",
              "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02"
            },
            {
              "name": "cisco-cucm-ctl-bo(39704)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39704"
            },
            {
              "name": "1019223",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019223"
            },
            {
              "name": "27313",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27313"
            },
            {
              "name": "28530",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28530"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2008-0027",
    "datePublished": "2008-01-17T02:00:00",
    "dateReserved": "2007-12-17T00:00:00",
    "dateUpdated": "2024-08-07T07:32:23.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-5537 (GCVE-0-2007-5537)

Vulnerability from nvd – Published: 2007-10-18 00:00 – Updated: 2024-08-07 15:31
VLAI?
Summary
Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/26105 vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.vupen.com/english/advisories/2007/3532 vdb-entryx_refsource_VUPEN
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://osvdb.org/37941 vdb-entryx_refsource_OSVDB
http://www.securitytracker.com/id?1018828 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/27296 third-party-advisoryx_refsource_SECUNIA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:31:59.077Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "26105",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26105"
          },
          {
            "name": "cucm-sip-invite-dos(37246)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246"
          },
          {
            "name": "ADV-2007-3532",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3532"
          },
          {
            "name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
          },
          {
            "name": "37941",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37941"
          },
          {
            "name": "1018828",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018828"
          },
          {
            "name": "27296",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27296"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "26105",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26105"
        },
        {
          "name": "cucm-sip-invite-dos(37246)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246"
        },
        {
          "name": "ADV-2007-3532",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3532"
        },
        {
          "name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
        },
        {
          "name": "37941",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37941"
        },
        {
          "name": "1018828",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018828"
        },
        {
          "name": "27296",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27296"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5537",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "26105",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26105"
            },
            {
              "name": "cucm-sip-invite-dos(37246)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246"
            },
            {
              "name": "ADV-2007-3532",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3532"
            },
            {
              "name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
            },
            {
              "name": "37941",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37941"
            },
            {
              "name": "1018828",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018828"
            },
            {
              "name": "27296",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27296"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5537",
    "datePublished": "2007-10-18T00:00:00",
    "dateReserved": "2007-10-17T00:00:00",
    "dateUpdated": "2024-08-07T15:31:59.077Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-5538 (GCVE-0-2007-5538)

Vulnerability from nvd – Published: 2007-10-18 00:00 – Updated: 2024-08-07 15:31
VLAI?
Summary
Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/26105 vdb-entryx_refsource_BID
http://osvdb.org/37940 vdb-entryx_refsource_OSVDB
http://www.vupen.com/english/advisories/2007/3532 vdb-entryx_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id?1018828 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/27296 third-party-advisoryx_refsource_SECUNIA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:31:59.183Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "26105",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26105"
          },
          {
            "name": "37940",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37940"
          },
          {
            "name": "ADV-2007-3532",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3532"
          },
          {
            "name": "cucm-tftp-filename-bo(37247)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37247"
          },
          {
            "name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
          },
          {
            "name": "1018828",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018828"
          },
          {
            "name": "27296",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27296"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "26105",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26105"
        },
        {
          "name": "37940",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37940"
        },
        {
          "name": "ADV-2007-3532",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3532"
        },
        {
          "name": "cucm-tftp-filename-bo(37247)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37247"
        },
        {
          "name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
        },
        {
          "name": "1018828",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018828"
        },
        {
          "name": "27296",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27296"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5538",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "26105",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26105"
            },
            {
              "name": "37940",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37940"
            },
            {
              "name": "ADV-2007-3532",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3532"
            },
            {
              "name": "cucm-tftp-filename-bo(37247)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37247"
            },
            {
              "name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
            },
            {
              "name": "1018828",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018828"
            },
            {
              "name": "27296",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27296"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5538",
    "datePublished": "2007-10-18T00:00:00",
    "dateReserved": "2007-10-17T00:00:00",
    "dateUpdated": "2024-08-07T15:31:59.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-5278 (GCVE-0-2006-5278)

Vulnerability from nvd – Published: 2007-07-15 22:00 – Updated: 2024-08-07 19:48
VLAI?
Summary
Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.iss.net/threats/271.html third-party-advisoryx_refsource_ISS
http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
http://www.vupen.com/english/advisories/2007/2512 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/26043 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/24868 vdb-entryx_refsource_BID
http://securitytracker.com/id?1018369 vdb-entryx_refsource_SECTRACK
http://www.osvdb.org/36121 vdb-entryx_refsource_OSVDB
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:48:28.521Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "negative-integer-bo(19057)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19057"
          },
          {
            "name": "20070711 Cisco Call Manager RisDC.exe Remote Code Execution",
            "tags": [
              "third-party-advisory",
              "x_refsource_ISS",
              "x_transferred"
            ],
            "url": "http://www.iss.net/threats/271.html"
          },
          {
            "name": "20070711 Cisco Unified Communications Manager Overflow Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml"
          },
          {
            "name": "ADV-2007-2512",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2512"
          },
          {
            "name": "26043",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26043"
          },
          {
            "name": "24868",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24868"
          },
          {
            "name": "1018369",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018369"
          },
          {
            "name": "36121",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/36121"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "negative-integer-bo(19057)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19057"
        },
        {
          "name": "20070711 Cisco Call Manager RisDC.exe Remote Code Execution",
          "tags": [
            "third-party-advisory",
            "x_refsource_ISS"
          ],
          "url": "http://www.iss.net/threats/271.html"
        },
        {
          "name": "20070711 Cisco Unified Communications Manager Overflow Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml"
        },
        {
          "name": "ADV-2007-2512",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2512"
        },
        {
          "name": "26043",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26043"
        },
        {
          "name": "24868",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24868"
        },
        {
          "name": "1018369",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018369"
        },
        {
          "name": "36121",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/36121"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5278",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "negative-integer-bo(19057)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19057"
            },
            {
              "name": "20070711 Cisco Call Manager RisDC.exe Remote Code Execution",
              "refsource": "ISS",
              "url": "http://www.iss.net/threats/271.html"
            },
            {
              "name": "20070711 Cisco Unified Communications Manager Overflow Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml"
            },
            {
              "name": "ADV-2007-2512",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2512"
            },
            {
              "name": "26043",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26043"
            },
            {
              "name": "24868",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24868"
            },
            {
              "name": "1018369",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018369"
            },
            {
              "name": "36121",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/36121"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5278",
    "datePublished": "2007-07-15T22:00:00",
    "dateReserved": "2006-10-13T00:00:00",
    "dateUpdated": "2024-08-07T19:48:28.521Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}