CVE-2008-2062
https://notcve.org/view.php?id=CVE-2008-2062
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151. El Servicio Real-Time Information Server (RIS) Data Collector de Cisco Unified Communications Manager (CUCM) versiones anteriores a la 4.2(3)SR4 y 4.3 versiones anterieos a la 4.3(2)SR1, permite a atacantes remotos evitar la autenticación y obtener información sobre la configuración en cluster y estadísticas, a través de una conexión directa TCP al puerto de servicio, también conocida como Bug ID CSCsq35151. • http://secunia.com/advisories/30848 http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml http://www.securityfocus.com/bid/29935 http://www.securitytracker.com/id?1020361 http://www.vupen.com/english/advisories/2008/1933/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43355 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-2061
https://notcve.org/view.php?id=CVE-2008-2061
The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748. El Servicio Computer Telephony Integration (CTI) Manager de Cisco Unified Communications Manager (CUCM) 5.x versiones anteriores a la 5.1(3c) y 6.x versiones anteriores a la 6.1(2) permite a atacantes remotos provocar una denegación de servicio (caída TSP) a través de tráfico mal formado de red al puerto TCP 2748. • http://secunia.com/advisories/30848 http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml http://www.securityfocus.com/bid/29933 http://www.securitytracker.com/id?1020360 http://www.vupen.com/english/advisories/2008/1933/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43349 • CWE-20: Improper Input Validation •
CVE-2008-1748
https://notcve.org/view.php?id=CVE-2008-1748
Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355. Cisco Unified Communications Manager 4.1 versiones anteriores a 4.1(3)SR7, 4.2 versiones anteriores a 4.2(3)SR4, 4.3 versiones anteriores a 4.3(2), 5.x versiones anteriores a 5.1(3), y 6.x versiones anteriores a 6.1(1) no valida apropiadamente URLs SIP, lo cual permite a atacantes remotos provocar una denegación de servicio (interrupción del servicio) a través de un mensaje SIP INVITE, también conocido como ug ID CSCsl22355. • http://secunia.com/advisories/30238 http://securitytracker.com/id?1020022 http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml http://www.securityfocus.com/bid/29221 http://www.vupen.com/english/advisories/2008/1533 https://exchange.xforce.ibmcloud.com/vulnerabilities/42419 • CWE-20: Improper Input Validation •
CVE-2008-1743
https://notcve.org/view.php?id=CVE-2008-1743
Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, aka Bug ID CSCsi98433. Fugas de memoria en el servicio Certificate Trust List (CTL) Provider service de Cisco Unified Communications Manager (CUCM) 5.x versiones anteriores a 5.1(3) y 6.x versiones anteriores a 6.1(1) permite a atacantes remotos provocar una denegación de servicio (consumo excesivo de memoria e interrupción del servicio) a través de una serie de paquetes TCP malformados, también conocido como Bug ID CSCsi98433. • http://secunia.com/advisories/30238 http://securitytracker.com/id?1020022 http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml http://www.securityfocus.com/bid/29221 http://www.vupen.com/english/advisories/2008/1533 https://exchange.xforce.ibmcloud.com/vulnerabilities/42414 • CWE-399: Resource Management Errors •
CVE-2008-1747
https://notcve.org/view.php?id=CVE-2008-1747
Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via an unspecified SIP INVITE message, aka Bug ID CSCsk46944. Vulnerabilidad no especificada en Cisco Unified Communications Manager 4.1 versiones anteriores a 4.1(3)SR6, 4.2 versiones anteriores a 4.2(3)SR3, 4.3 versiones anteriores a 4.3(2), 5.x versiones anteriores a 5.1(3), y 6.x versiones anteriores a 6.1(1) permite a atacantes remotos provocar una denegación de servicio (reinicio servicio CCM) a través de un mensaje SIP INVITE sin especificar, también conocido como Bug ID CSCsk46944. • http://secunia.com/advisories/30238 http://securitytracker.com/id?1020022 http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml http://www.securityfocus.com/bid/29221 http://www.vupen.com/english/advisories/2008/1533 https://exchange.xforce.ibmcloud.com/vulnerabilities/42418 • CWE-20: Improper Input Validation •