CVSS: 7.1EPSS: 1%CPEs: 10EXPL: 0CVE-2008-3801
https://notcve.org/view.php?id=CVE-2008-3801
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802. Vulnerabilidad no especificada en la implementación de la Session Initiation Protocol en Cisco IOS v12.2 a la v12.4 y Unified Communications Manager v4.1 a la v6.1, cuando VoIP está configurada, permite a atacantes remotos provocar una denegación de servicio (reinicio de proceso o de dispositivo) a través de mensajes SIP válidos no especificados. Vulnerabilidad distinta de CVE-2008-3800 y CVE-2008-3802. • http://secunia.com/advisories/31990 http://secunia.com/advisories/32013 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml http://www.securityfocus.com/bid/31367 http://www.securitytracker.com/id?1020939 http://www.securitytracker.com/id?1020942 http://www.vupen.com/english/advisories/2008/2670 http://www.vupen.com/english/advisories/2008/2671 https://oval.cisecurity.org/re •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2008-2062
https://notcve.org/view.php?id=CVE-2008-2062
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151. El Servicio Real-Time Information Server (RIS) Data Collector de Cisco Unified Communications Manager (CUCM) versiones anteriores a la 4.2(3)SR4 y 4.3 versiones anterieos a la 4.3(2)SR1, permite a atacantes remotos evitar la autenticación y obtener información sobre la configuración en cluster y estadísticas, a través de una conexión directa TCP al puerto de servicio, también conocida como Bug ID CSCsq35151. • http://secunia.com/advisories/30848 http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml http://www.securityfocus.com/bid/29935 http://www.securitytracker.com/id?1020361 http://www.vupen.com/english/advisories/2008/1933/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43355 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2008-2730
https://notcve.org/view.php?id=CVE-2008-2730
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843. El Servicio Real -Time Information Server (RIS) Data Collector de Cisco Unified Communications Manager (CUCM) 5.x versiones anteriores a la 5.1(3) y 6.x versiones anteriores a la 6.1(1) permite a atacantes remotos evitar la autenticación y obtener información sobre la configuración en cluster y estadísticas, a través de una conexión directa TCP al puerto de servicio, también conocida como Bug ID CSCsj90843. • http://secunia.com/advisories/30848 http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml http://www.securityfocus.com/bid/29935 http://www.securitytracker.com/id?1020361 http://www.vupen.com/english/advisories/2008/1933/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43355 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2008-2061
https://notcve.org/view.php?id=CVE-2008-2061
The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748. El Servicio Computer Telephony Integration (CTI) Manager de Cisco Unified Communications Manager (CUCM) 5.x versiones anteriores a la 5.1(3c) y 6.x versiones anteriores a la 6.1(2) permite a atacantes remotos provocar una denegación de servicio (caída TSP) a través de tráfico mal formado de red al puerto TCP 2748. • http://secunia.com/advisories/30848 http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml http://www.securityfocus.com/bid/29933 http://www.securitytracker.com/id?1020360 http://www.vupen.com/english/advisories/2008/1933/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43349 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 13EXPL: 0CVE-2008-1742
https://notcve.org/view.php?id=CVE-2008-1742
Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609. Fugas de memoria en el servicio Certificate Trust List (CTL) Provider de Cisco Unified Communications Manager (CUCM) 5.x versiones anteriores a 5.1(3) permite a atacantes remotos provocar una denegación de servicio (consumo excesivo de memoria e interrupción del servicio) a través de una serie de paquetes TCP malformados, como lo demostrado por TCPFUZZ, también conocido como Bug ID CSCsj80609. • http://secunia.com/advisories/30238 http://securitytracker.com/id?1020022 http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml http://www.securityfocus.com/bid/29221 http://www.vupen.com/english/advisories/2008/1533 https://exchange.xforce.ibmcloud.com/vulnerabilities/42410 • CWE-399: Resource Management Errors •