CVSS: 7.8EPSS: 2%CPEs: 13EXPL: 0CVE-2008-1742
https://notcve.org/view.php?id=CVE-2008-1742
Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609. Fugas de memoria en el servicio Certificate Trust List (CTL) Provider de Cisco Unified Communications Manager (CUCM) 5.x versiones anteriores a 5.1(3) permite a atacantes remotos provocar una denegación de servicio (consumo excesivo de memoria e interrupción del servicio) a través de una serie de paquetes TCP malformados, como lo demostrado por TCPFUZZ, también conocido como Bug ID CSCsj80609. • http://secunia.com/advisories/30238 http://securitytracker.com/id?1020022 http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml http://www.securityfocus.com/bid/29221 http://www.vupen.com/english/advisories/2008/1533 https://exchange.xforce.ibmcloud.com/vulnerabilities/42410 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 0CVE-2008-1747
https://notcve.org/view.php?id=CVE-2008-1747
Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via an unspecified SIP INVITE message, aka Bug ID CSCsk46944. Vulnerabilidad no especificada en Cisco Unified Communications Manager 4.1 versiones anteriores a 4.1(3)SR6, 4.2 versiones anteriores a 4.2(3)SR3, 4.3 versiones anteriores a 4.3(2), 5.x versiones anteriores a 5.1(3), y 6.x versiones anteriores a 6.1(1) permite a atacantes remotos provocar una denegación de servicio (reinicio servicio CCM) a través de un mensaje SIP INVITE sin especificar, también conocido como Bug ID CSCsk46944. • http://secunia.com/advisories/30238 http://securitytracker.com/id?1020022 http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml http://www.securityfocus.com/bid/29221 http://www.vupen.com/english/advisories/2008/1533 https://exchange.xforce.ibmcloud.com/vulnerabilities/42418 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 20EXPL: 0CVE-2008-1744
https://notcve.org/view.php?id=CVE-2008-1744
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770. El servicio Certificate Authority Proxy Function (CAPF) service de Cisco Unified Communications Manager (CUCM) 4.1 versiones anteriores a 4.1(3)SR7, 4.2 versiones anteriores a 4.2(3)SR4, y 4.3 versiones anteriores a 4.3(2) permite a atacantes remotos provocar una denegación de servicio (caída del servicio) a través de tráfico de red malformado, también conocido como Bug ID CSCsk46770. • http://secunia.com/advisories/30238 http://securitytracker.com/id?1020022 http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml http://www.securityfocus.com/bid/29221 http://www.vupen.com/english/advisories/2008/1533 https://exchange.xforce.ibmcloud.com/vulnerabilities/42415 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 18%CPEs: 9EXPL: 0CVE-2008-0027
https://notcve.org/view.php?id=CVE-2008-0027
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request. Desbordamiento de búfer basado en pila en el servicio proveedor de Listas de Certificados Confiables (CTL, Certificate Trust List) (CTLProvider.exe) en Cisco Unified Communications Manager (CUCM) 4.2 anterior a 4.2(3)SR3 y 4.3 anterior a 4.3(1)SR1, y CallManager 4.0 y 4.1 anterior a 4.1(3)SR5c, permite a atacantes remotos provocar una denegación de servicio o ejecutar código de su elección mediante una petición larga. • http://dvlabs.tippingpoint.com/advisory/TPTI-08-02 http://secunia.com/advisories/28530 http://securityreason.com/securityalert/3551 http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml http://www.securityfocus.com/archive/1/486432/100/0/threaded http://www.securityfocus.com/bid/27313 http://www.securitytracker.com/id?1019223 http://www.vupen.com/english/advisories/2008/0171 https://exchange.xforce.ibmcloud.com/vulnerabilities/39704 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 0CVE-2007-5537
https://notcve.org/view.php?id=CVE-2007-5537
Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822. Cisco Unified communications Manager (CUCM, anteriormente CallManager) 5.1 anterior a 5.1(2), y Unified CallManager 5.0, permiten a atacantes remotos provocar una denegación de servicio (kernel panic) mediante una inundación de mensajes SIP INVITE al puerto UDP 5060, lo cual dispara un agotamiento de recursos, también conocida como, CSCsi75822. • http://osvdb.org/37941 http://secunia.com/advisories/27296 http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml http://www.securityfocus.com/bid/26105 http://www.securitytracker.com/id?1018828 http://www.vupen.com/english/advisories/2007/3532 https://exchange.xforce.ibmcloud.com/vulnerabilities/37246 • CWE-399: Resource Management Errors •