CVSS: 7.8EPSS: 2%CPEs: 20EXPL: 0CVE-2008-1744
https://notcve.org/view.php?id=CVE-2008-1744
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770. El servicio Certificate Authority Proxy Function (CAPF) service de Cisco Unified Communications Manager (CUCM) 4.1 versiones anteriores a 4.1(3)SR7, 4.2 versiones anteriores a 4.2(3)SR4, y 4.3 versiones anteriores a 4.3(2) permite a atacantes remotos provocar una denegación de servicio (caída del servicio) a través de tráfico de red malformado, también conocido como Bug ID CSCsk46770. • http://secunia.com/advisories/30238 http://securitytracker.com/id?1020022 http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml http://www.securityfocus.com/bid/29221 http://www.vupen.com/english/advisories/2008/1533 https://exchange.xforce.ibmcloud.com/vulnerabilities/42415 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 21EXPL: 0CVE-2008-1745
https://notcve.org/view.php?id=CVE-2008-1745
Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115. Cisco Unified Communications Manager (CUCM) 5.x versiones anteriores a 5.1(2) y 6.x versiones anteriores a 6.1(1) permite a atacantes remotos provocar una denegación de servicio (interrupción del servicio) a través de un mensaje SIP JOIN con una cabecera malformada, también conocido como Bug ID CSCsi48115. • http://secunia.com/advisories/30238 http://securitytracker.com/id?1020022 http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml http://www.securityfocus.com/bid/29221 http://www.vupen.com/english/advisories/2008/1533 https://exchange.xforce.ibmcloud.com/vulnerabilities/42417 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 18EXPL: 0CVE-2008-1746
https://notcve.org/view.php?id=CVE-2008-1746
The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and service restart) via a series of malformed UDP packets, as demonstrated by the IP Stack Integrity Checker (ISIC), aka Bug ID CSCsj24113. El servicio SNMP Trap Agent de Cisco Unified Communications Manager (CUCM) 4.1 versiones anteriores a 4.1(3)SR6, 4.2 versiones anteriores a 4.2(3)SR3, 4.3 versiones anteriores a 4.3(2), 5.x versiones anteriores a 5.1(3), y 6.x versiones anteriores a 6.1(1) permite a atacantes remotos provocar una denegación de servicio (core dump y reinicio del servicio) a través de una serie de paquetes UDP malformados, como lo demostrado por IP Stack Integrity Checker (ISIC), también conocido como Bug ID CSCsj24113. • http://secunia.com/advisories/30238 http://securitytracker.com/id?1020022 http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml http://www.securityfocus.com/bid/29221 http://www.vupen.com/english/advisories/2008/1533 https://exchange.xforce.ibmcloud.com/vulnerabilities/42420 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 11%CPEs: 8EXPL: 0CVE-2008-1154
https://notcve.org/view.php?id=CVE-2008-1154
The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors. El Disaster Recovery Framework (DRF) Master Server en productos Cisco Unified Communications, incluyendo Unified Communications Manager (CUCM) 5.x y 6.x, Unified Presence 1.x y 6.x, Emergency Responder 2.x, y Mobility Manager 2.x, no requiere autenticación para las peticiones recibidas desde la red, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • http://secunia.com/advisories/29670 http://securitytracker.com/id?1019768 http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml http://www.securityfocus.com/bid/28591 http://www.vupen.com/english/advisories/2008/1093 https://exchange.xforce.ibmcloud.com/vulnerabilities/41632 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 1CVE-2008-0026 – Cisco Unified Communications Manager 6.1 - 'key' SQL Injection
https://notcve.org/view.php?id=CVE-2008-0026
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages. Una vulnerabilidad de la inyección SQL en Cisco Unified CallManager/Communications Manager (CUCM) versiones 5.0/5.1 anteriores a 5.1(3a) y versiones 6.0/6.1 anteriores a 6.1(1a), permite a los usuarios autenticados remotos ejecutar comandos SQL arbitrarios por medio del parámetro key en las páginas de interfaz de (1) administrador y (2) usuario. • https://www.exploit-db.com/exploits/31189 http://secunia.com/advisories/28932 http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml http://www.securityfocus.com/bid/27775 http://www.securitytracker.com/id?1019404 http://www.vupen.com/english/advisories/2008/0542 https://exchange.xforce.ibmcloud.com/vulnerabilities/40484 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •