cvelistv5 - cve-2008-1158

CVE-2008-1158 (GCVE-0-2008-1158)

Vulnerability from cvelistv5 – Published: 2008-05-16 06:54 – Updated: 2024-08-07 08:08

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/29219	vdb-entryx_refsource_BID
	http://www.cisco.com/en/US/products/products_secu…	vendor-advisoryx_refsource_CISCO
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2008/1534	vdb-entryx_refsource_VUPEN
	http://securitytracker.com/id?1020023	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/30240	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:08:57.730Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "29219",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29219"
          },
          {
            "name": "20080514 Cisco Unified Presence Denial of Service Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995682.shtml"
          },
          {
            "name": "cisco-unifiedpresence-presenceengine-dos(42412)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42412"
          },
          {
            "name": "ADV-2008-1534",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1534"
          },
          {
            "name": "1020023",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1020023"
          },
          {
            "name": "30240",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30240"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "29219",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29219"
        },
        {
          "name": "20080514 Cisco Unified Presence Denial of Service Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995682.shtml"
        },
        {
          "name": "cisco-unifiedpresence-presenceengine-dos(42412)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42412"
        },
        {
          "name": "ADV-2008-1534",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1534"
        },
        {
          "name": "1020023",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1020023"
        },
        {
          "name": "30240",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30240"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2008-1158",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "29219",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29219"
            },
            {
              "name": "20080514 Cisco Unified Presence Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995682.shtml"
            },
            {
              "name": "cisco-unifiedpresence-presenceengine-dos(42412)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42412"
            },
            {
              "name": "ADV-2008-1534",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1534"
            },
            {
              "name": "1020023",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1020023"
            },
            {
              "name": "30240",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30240"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2008-1158",
    "datePublished": "2008-05-16T06:54:00",
    "dateReserved": "2008-03-05T00:00:00",
    "dateUpdated": "2024-08-07T08:08:57.730Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_presence:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C9B1A89-6A54-4BA7-9980-3EB46C650FFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_presence_server:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F897DA4-E313-45C8-A4FB-52404D6541BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_presence_server:1.0\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22B299D9-A18B-41D9-B976-57AFDAA751DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_presence_server:1.0\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDA3BA5D-2CEB-4AAC-8CB4-4A2CDC574076\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_presence_server:1.0\\\\(3\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9465A4F0-44C0-4A43-962E-0CCEADA05533\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164.\"}, {\"lang\": \"es\", \"value\": \"El servicio Presence Engine (PE) de Cisco Unified Presence versiones anteriores a 6.0(1) permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (core dump e interrupci\\u00f3n del servicio) a trav\\u00e9s de paquetes malformados, tambi\\u00e9n conocido como Bug ID CSCsh50164.\"}]",
      "id": "CVE-2008-1158",
      "lastModified": "2024-11-21T00:43:48.890",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-05-16T12:54:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/30240\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://securitytracker.com/id?1020023\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080995682.shtml\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securityfocus.com/bid/29219\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1534\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42412\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://secunia.com/advisories/30240\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1020023\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080995682.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/29219\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1534\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42412\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-1158\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2008-05-16T12:54:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164.\"},{\"lang\":\"es\",\"value\":\"El servicio Presence Engine (PE) de Cisco Unified Presence versiones anteriores a 6.0(1) permite a atacantes remotos provocar una denegaci\u00f3n de servicio (core dump e interrupci\u00f3n del servicio) a trav\u00e9s de paquetes malformados, tambi\u00e9n conocido como Bug ID CSCsh50164.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_presence:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C9B1A89-6A54-4BA7-9980-3EB46C650FFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_presence_server:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F897DA4-E313-45C8-A4FB-52404D6541BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_presence_server:1.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22B299D9-A18B-41D9-B976-57AFDAA751DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_presence_server:1.0\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDA3BA5D-2CEB-4AAC-8CB4-4A2CDC574076\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_presence_server:1.0\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9465A4F0-44C0-4A43-962E-0CCEADA05533\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/30240\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://securitytracker.com/id?1020023\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a0080995682.shtml\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securityfocus.com/bid/29219\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1534\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42412\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://secunia.com/advisories/30240\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1020023\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a0080995682.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/29219\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1534\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42412\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2008-1158

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-1158

Aliases

CVE-2008-1158

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-1158",
    "description": "The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164.",
    "id": "GSD-2008-1158"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-1158"
      ],
      "details": "The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164.",
      "id": "GSD-2008-1158",
      "modified": "2023-12-13T01:23:03.561893Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2008-1158",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "29219",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/29219"
          },
          {
            "name": "20080514 Cisco Unified Presence Denial of Service Vulnerabilities",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995682.shtml"
          },
          {
            "name": "cisco-unifiedpresence-presenceengine-dos(42412)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42412"
          },
          {
            "name": "ADV-2008-1534",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1534"
          },
          {
            "name": "1020023",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1020023"
          },
          {
            "name": "30240",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30240"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_presence:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_presence_server:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_presence_server:1.0\\(3\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_presence_server:1.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_presence_server:1.0\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2008-1158"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080514 Cisco Unified Presence Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "tags": [],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995682.shtml"
            },
            {
              "name": "29219",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/29219"
            },
            {
              "name": "1020023",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1020023"
            },
            {
              "name": "30240",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30240"
            },
            {
              "name": "ADV-2008-1534",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1534"
            },
            {
              "name": "cisco-unifiedpresence-presenceengine-dos(42412)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42412"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-08T01:29Z",
      "publishedDate": "2008-05-16T12:54Z"
    }
  }
}

VAR-200805-0197

Vulnerability from variot - Updated: 2023-12-18 12:32

The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164. Denial of service due to packets intentionally created by a remote attacker (DoS) There is a possibility of being put into a state. The problem is Bug ID : CSCsh50164 It is a problem.Please refer to the “Overview” for the impact of this vulnerability. An attacker can exploit this issue to crash the affected device, denying service to legitimate users. The CISCO AKA number is CSCsh50164. ----------------------------------------------------------------------

Secunia Network Software Inspector 2.0 (NSI) - Public Beta

The Public Beta has ended. Thanks to all that participated.

The vulnerabilities affect version 1.0.

SOLUTION: Upgrade to version 6.0(3). http://www.cisco.com/pcgi-bin/tablebuild.pl/cup-60?psrtdcat20e2

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20080514-cup.shtml

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200805-0197",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "unified presence",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.0\\(2\\)"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.0\\(1\\)"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.0\\(3\\)"
      },
      {
        "model": "unified presence",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.0"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(2)"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0"
      },
      {
        "model": "unified presence server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(1)"
      },
      {
        "model": "unified presence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0(3)"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "29219"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002009"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1158"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-189"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_presence:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_presence_server:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_presence_server:1.0\\(3\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_presence_server:1.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_presence_server:1.0\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-1158"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Security bulletin",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-189"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-1158",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2008-1158",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-31283",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-1158",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200805-189",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-31283",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31283"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002009"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1158"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-189"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164. Denial of service due to packets intentionally created by a remote attacker (DoS) There is a possibility of being put into a state. The problem is Bug ID : CSCsh50164 It is a problem.Please refer to the \u201cOverview\u201d for the impact of this vulnerability. \nAn attacker can exploit this issue to crash the affected device, denying service to legitimate users. The CISCO AKA number is CSCsh50164. ----------------------------------------------------------------------\n\nSecunia Network Software Inspector 2.0 (NSI) - Public Beta\n\nThe Public Beta has ended. Thanks to all that participated. \n\nThe vulnerabilities affect version 1.0. \n\nSOLUTION:\nUpgrade to version 6.0(3). \nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/cup-60?psrtdcat20e2\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20080514-cup.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-1158"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002009"
      },
      {
        "db": "BID",
        "id": "29219"
      },
      {
        "db": "VULHUB",
        "id": "VHN-31283"
      },
      {
        "db": "PACKETSTORM",
        "id": "66439"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-1158",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "29219",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "30240",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1020023",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-1534",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002009",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-189",
        "trust": 0.7
      },
      {
        "db": "CISCO",
        "id": "20080514 CISCO UNIFIED PRESENCE DENIAL OF SERVICE VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "42412",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-31283",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "66439",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31283"
      },
      {
        "db": "BID",
        "id": "29219"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002009"
      },
      {
        "db": "PACKETSTORM",
        "id": "66439"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1158"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-189"
      }
    ]
  },
  "id": "VAR-200805-0197",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31283"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:32:03.512000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20080514-cup",
        "trust": 0.8,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080995682.shtml"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002009"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31283"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002009"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1158"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/29219"
      },
      {
        "trust": 1.7,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080995682.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1020023"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/30240"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/1534"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42412"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1158"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1158"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/42412"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/1534"
      },
      {
        "trust": 0.4,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080514-cup.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/ps6837/index.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/492092"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/30240/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/cup-60?psrtdcat20e2"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/network_software_inspector_2/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/12424/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31283"
      },
      {
        "db": "BID",
        "id": "29219"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002009"
      },
      {
        "db": "PACKETSTORM",
        "id": "66439"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1158"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-189"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-31283"
      },
      {
        "db": "BID",
        "id": "29219"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002009"
      },
      {
        "db": "PACKETSTORM",
        "id": "66439"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1158"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-189"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-05-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-31283"
      },
      {
        "date": "2008-05-14T00:00:00",
        "db": "BID",
        "id": "29219"
      },
      {
        "date": "2008-12-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002009"
      },
      {
        "date": "2008-05-19T18:31:39",
        "db": "PACKETSTORM",
        "id": "66439"
      },
      {
        "date": "2008-05-16T12:54:00",
        "db": "NVD",
        "id": "CVE-2008-1158"
      },
      {
        "date": "2008-05-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200805-189"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-31283"
      },
      {
        "date": "2008-05-14T23:55:00",
        "db": "BID",
        "id": "29219"
      },
      {
        "date": "2008-12-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002009"
      },
      {
        "date": "2017-08-08T01:29:55.057000",
        "db": "NVD",
        "id": "CVE-2008-1158"
      },
      {
        "date": "2008-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200805-189"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-189"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified Presence Engine Service In  IP Service disruption due to packets  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002009"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-189"
      }
    ],
    "trust": 0.6
  }
}

CERTA-2008-AVI-254

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été identifiées dans les produits Cisco Unified Presence. L'exploitation de ces dernières peut entraîner, à distance, le dysfonctionnement de certains services.

Description

Plusieurs vulnérabilités ont été identifiées dans les produits Cisco Unified Presence. Elles impliquent différents services dont :

le service Presence Engine (PE) ;
le service mandataire pour SIP, ou SIP Proxy.

Une personne malveillante peut exploiter ces vulnérabilités à distance par le biais de trames spécialement construites afin de perturber le fonctionnement de ces services.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Cisco	N/A	Les versions de Cisco Unified Presence antérieures à 6.0(3).

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco 100996 du 14 mai 2008	None	vendor-advisory
Bulletin de sécurité Cisco 20080514-cup du 14 mai 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Les versions de Cisco Unified Presence ant\u00e9rieures \u00e0 6.0(3).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans les produits Cisco\nUnified Presence. Elles impliquent diff\u00e9rents services dont :\n\n-   le service Presence Engine (PE) ;\n-   le service mandataire pour SIP, ou SIP Proxy.\n\nUne personne malveillante peut exploiter ces vuln\u00e9rabilit\u00e9s \u00e0 distance\npar le biais de trames sp\u00e9cialement construites afin de perturber le\nfonctionnement de ces services.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1740"
    },
    {
      "name": "CVE-2008-1158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1158"
    },
    {
      "name": "CVE-2008-1741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1741"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20080514-cup du 14 mai 2008 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080514-cup.shtml"
    }
  ],
  "reference": "CERTA-2008-AVI-254",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-05-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans les produits Cisco\nUnified Presence. L\u0027exploitation de ces derni\u00e8res peut entra\u00eener, \u00e0\ndistance, le dysfonctionnement de certains services.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Cisco Unified Presence",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 100996 du 14 mai 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-254

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été identifiées dans les produits Cisco Unified Presence. L'exploitation de ces dernières peut entraîner, à distance, le dysfonctionnement de certains services.

Description

Plusieurs vulnérabilités ont été identifiées dans les produits Cisco Unified Presence. Elles impliquent différents services dont :

le service Presence Engine (PE) ;
le service mandataire pour SIP, ou SIP Proxy.

Une personne malveillante peut exploiter ces vulnérabilités à distance par le biais de trames spécialement construites afin de perturber le fonctionnement de ces services.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Cisco	N/A	Les versions de Cisco Unified Presence antérieures à 6.0(3).

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco 100996 du 14 mai 2008	None	vendor-advisory
Bulletin de sécurité Cisco 20080514-cup du 14 mai 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Les versions de Cisco Unified Presence ant\u00e9rieures \u00e0 6.0(3).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans les produits Cisco\nUnified Presence. Elles impliquent diff\u00e9rents services dont :\n\n-   le service Presence Engine (PE) ;\n-   le service mandataire pour SIP, ou SIP Proxy.\n\nUne personne malveillante peut exploiter ces vuln\u00e9rabilit\u00e9s \u00e0 distance\npar le biais de trames sp\u00e9cialement construites afin de perturber le\nfonctionnement de ces services.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1740"
    },
    {
      "name": "CVE-2008-1158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1158"
    },
    {
      "name": "CVE-2008-1741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1741"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20080514-cup du 14 mai 2008 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080514-cup.shtml"
    }
  ],
  "reference": "CERTA-2008-AVI-254",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-05-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans les produits Cisco\nUnified Presence. L\u0027exploitation de ces derni\u00e8res peut entra\u00eener, \u00e0\ndistance, le dysfonctionnement de certains services.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Cisco Unified Presence",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 100996 du 14 mai 2008",
      "url": null
    }
  ]
}

GHSA-X56X-34V5-JWGX

Vulnerability from github – Published: 2022-05-01 23:37 – Updated: 2022-05-01 23:37

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-1158"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-05-16T12:54:00Z",
    "severity": "HIGH"
  },
  "details": "The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164.",
  "id": "GHSA-x56x-34v5-jwgx",
  "modified": "2022-05-01T23:37:17Z",
  "published": "2022-05-01T23:37:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1158"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42412"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30240"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1020023"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995682.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/29219"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1534"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2008-1158

Vulnerability from fkie_nvd - Published: 2008-05-16 12:54 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

	URL	Tags
	psirt@cisco.com	http://secunia.com/advisories/30240
	psirt@cisco.com	http://securitytracker.com/id?1020023
	psirt@cisco.com	http://www.cisco.com/en/US/products/products_security_advisory09186a0080995682.shtml
	psirt@cisco.com	http://www.securityfocus.com/bid/29219
	psirt@cisco.com	http://www.vupen.com/english/advisories/2008/1534
	psirt@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/42412
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30240
	af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1020023
	af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080995682.shtml
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29219
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1534
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/42412

Impacted products

Vendor	Product	Version
cisco	unified_presence	6.0
cisco	unified_presence_server	1.0
cisco	unified_presence_server	1.0\(1\)
cisco	unified_presence_server	1.0\(2\)
cisco	unified_presence_server	1.0\(3\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_presence:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C9B1A89-6A54-4BA7-9980-3EB46C650FFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_presence_server:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F897DA4-E313-45C8-A4FB-52404D6541BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_presence_server:1.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "22B299D9-A18B-41D9-B976-57AFDAA751DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_presence_server:1.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CDA3BA5D-2CEB-4AAC-8CB4-4A2CDC574076",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_presence_server:1.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9465A4F0-44C0-4A43-962E-0CCEADA05533",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164."
    },
    {
      "lang": "es",
      "value": "El servicio Presence Engine (PE) de Cisco Unified Presence versiones anteriores a 6.0(1) permite a atacantes remotos provocar una denegaci\u00f3n de servicio (core dump e interrupci\u00f3n del servicio) a trav\u00e9s de paquetes malformados, tambi\u00e9n conocido como Bug ID CSCsh50164."
    }
  ],
  "id": "CVE-2008-1158",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-05-16T12:54:00.000",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://secunia.com/advisories/30240"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://securitytracker.com/id?1020023"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995682.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/29219"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.vupen.com/english/advisories/2008/1534"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30240"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1020023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995682.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29219"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42412"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-1158 (GCVE-0-2008-1158)

GSD-2008-1158

VAR-200805-0197

CERTA-2008-AVI-254

Description

Solution

CERTA-2008-AVI-254

Description

Solution

GHSA-X56X-34V5-JWGX

FKIE_CVE-2008-1158

Tags

Sightings

Nomenclature