CVE-2008-3801
https://notcve.org/view.php?id=CVE-2008-3801
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802. Vulnerabilidad no especificada en la implementación de la Session Initiation Protocol en Cisco IOS v12.2 a la v12.4 y Unified Communications Manager v4.1 a la v6.1, cuando VoIP está configurada, permite a atacantes remotos provocar una denegación de servicio (reinicio de proceso o de dispositivo) a través de mensajes SIP válidos no especificados. Vulnerabilidad distinta de CVE-2008-3800 y CVE-2008-3802. • http://secunia.com/advisories/31990 http://secunia.com/advisories/32013 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml http://www.securityfocus.com/bid/31367 http://www.securitytracker.com/id?1020939 http://www.securitytracker.com/id?1020942 http://www.vupen.com/english/advisories/2008/2670 http://www.vupen.com/english/advisories/2008/2671 https://oval.cisecurity.org/re •
CVE-2008-2062
https://notcve.org/view.php?id=CVE-2008-2062
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151. El Servicio Real-Time Information Server (RIS) Data Collector de Cisco Unified Communications Manager (CUCM) versiones anteriores a la 4.2(3)SR4 y 4.3 versiones anterieos a la 4.3(2)SR1, permite a atacantes remotos evitar la autenticación y obtener información sobre la configuración en cluster y estadísticas, a través de una conexión directa TCP al puerto de servicio, también conocida como Bug ID CSCsq35151. • http://secunia.com/advisories/30848 http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml http://www.securityfocus.com/bid/29935 http://www.securitytracker.com/id?1020361 http://www.vupen.com/english/advisories/2008/1933/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43355 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-2061
https://notcve.org/view.php?id=CVE-2008-2061
The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748. El Servicio Computer Telephony Integration (CTI) Manager de Cisco Unified Communications Manager (CUCM) 5.x versiones anteriores a la 5.1(3c) y 6.x versiones anteriores a la 6.1(2) permite a atacantes remotos provocar una denegación de servicio (caída TSP) a través de tráfico mal formado de red al puerto TCP 2748. • http://secunia.com/advisories/30848 http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml http://www.securityfocus.com/bid/29933 http://www.securitytracker.com/id?1020360 http://www.vupen.com/english/advisories/2008/1933/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43349 • CWE-20: Improper Input Validation •
CVE-2008-1748
https://notcve.org/view.php?id=CVE-2008-1748
Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355. Cisco Unified Communications Manager 4.1 versiones anteriores a 4.1(3)SR7, 4.2 versiones anteriores a 4.2(3)SR4, 4.3 versiones anteriores a 4.3(2), 5.x versiones anteriores a 5.1(3), y 6.x versiones anteriores a 6.1(1) no valida apropiadamente URLs SIP, lo cual permite a atacantes remotos provocar una denegación de servicio (interrupción del servicio) a través de un mensaje SIP INVITE, también conocido como ug ID CSCsl22355. • http://secunia.com/advisories/30238 http://securitytracker.com/id?1020022 http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml http://www.securityfocus.com/bid/29221 http://www.vupen.com/english/advisories/2008/1533 https://exchange.xforce.ibmcloud.com/vulnerabilities/42419 • CWE-20: Improper Input Validation •
CVE-2008-1746
https://notcve.org/view.php?id=CVE-2008-1746
The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and service restart) via a series of malformed UDP packets, as demonstrated by the IP Stack Integrity Checker (ISIC), aka Bug ID CSCsj24113. El servicio SNMP Trap Agent de Cisco Unified Communications Manager (CUCM) 4.1 versiones anteriores a 4.1(3)SR6, 4.2 versiones anteriores a 4.2(3)SR3, 4.3 versiones anteriores a 4.3(2), 5.x versiones anteriores a 5.1(3), y 6.x versiones anteriores a 6.1(1) permite a atacantes remotos provocar una denegación de servicio (core dump y reinicio del servicio) a través de una serie de paquetes UDP malformados, como lo demostrado por IP Stack Integrity Checker (ISIC), también conocido como Bug ID CSCsj24113. • http://secunia.com/advisories/30238 http://securitytracker.com/id?1020022 http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml http://www.securityfocus.com/bid/29221 http://www.vupen.com/english/advisories/2008/1533 https://exchange.xforce.ibmcloud.com/vulnerabilities/42420 • CWE-20: Improper Input Validation •