// For flags

CVE-2008-0027

 

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.

Desbordamiento de búfer basado en pila en el servicio proveedor de Listas de Certificados Confiables (CTL, Certificate Trust List) (CTLProvider.exe) en Cisco Unified Communications Manager (CUCM) 4.2 anterior a 4.2(3)SR3 y 4.3 anterior a 4.3(1)SR1, y CallManager 4.0 y 4.1 anterior a 4.1(3)SR5c, permite a atacantes remotos provocar una denegación de servicio o ejecutar código de su elección mediante una petición larga.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-12-17 CVE Reserved
  • 2008-01-17 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-09-05 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 Unified Callmanager
Search vendor "Cisco" for product "Unified Callmanager"
 4.0
Search vendor "Cisco" for product "Unified Callmanager" and version "4.0"
-
Affected
Cisco
Search vendor "Cisco"
 Unified Callmanager
Search vendor "Cisco" for product "Unified Callmanager"
 4.1
Search vendor "Cisco" for product "Unified Callmanager" and version "4.1"
-
Affected
Cisco
Search vendor "Cisco"
 Unified Callmanager
Search vendor "Cisco" for product "Unified Callmanager"
 4.1\(3\)sr4
Search vendor "Cisco" for product "Unified Callmanager" and version "4.1\(3\)sr4"
-
Affected
Cisco
Search vendor "Cisco"
 Unified Callmanager
Search vendor "Cisco" for product "Unified Callmanager"
 4.1\(3\)sr5
Search vendor "Cisco" for product "Unified Callmanager" and version "4.1\(3\)sr5"
-
Affected
Cisco
Search vendor "Cisco"
 Unified Callmanager
Search vendor "Cisco" for product "Unified Callmanager"
 4.1\(3\)sr5b
Search vendor "Cisco" for product "Unified Callmanager" and version "4.1\(3\)sr5b"
-
Affected
Cisco
Search vendor "Cisco"
 Unified Communications Manager
Search vendor "Cisco" for product "Unified Communications Manager"
 4.2
Search vendor "Cisco" for product "Unified Communications Manager" and version "4.2"
-
Affected
Cisco
Search vendor "Cisco"
 Unified Communications Manager
Search vendor "Cisco" for product "Unified Communications Manager"
 4.2.3sr2
Search vendor "Cisco" for product "Unified Communications Manager" and version "4.2.3sr2"
-
Affected
Cisco
Search vendor "Cisco"
 Unified Communications Manager
Search vendor "Cisco" for product "Unified Communications Manager"
 4.2.3sr2b
Search vendor "Cisco" for product "Unified Communications Manager" and version "4.2.3sr2b"
-
Affected
Cisco
Search vendor "Cisco"
 Unified Communications Manager
Search vendor "Cisco" for product "Unified Communications Manager"
 4.3
Search vendor "Cisco" for product "Unified Communications Manager" and version "4.3"
-
Affected