7.8

CVE-2008-1748

Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoUnified Communications Manager Version >= 4.1 < 4.1\(3\)sr7
CiscoUnified Communications Manager Version >= 4.2 < 4.2\(3\)sr4
CiscoUnified Communications Manager Version >= 4.3 < 4.3\(2\)
CiscoUnified Communications Manager Version >= 5.0 < 5.1\(3\)
CiscoUnified Communications Manager Version >= 6.0 < 6.1\(1\)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.45% 0.823
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/30238
Third Party Advisory
http://securitytracker.com/id?1020022
Third Party Advisory
VDB Entry
http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml
Patch
Vendor Advisory
http://www.securityfocus.com/bid/29221
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2008/1533
Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/42419
Third Party Advisory
VDB Entry