[email protected]CVE-2008-0027

HistoryJan 17, 2008 - 3:00 a.m.

CVE-2008-0027

2008-01-1703:00:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-0027

buffer overflow

cisco unified communications manager

cucm

denial of service

arbitrary code execution

vulnerability

8.2 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.177 Low

EPSS

Percentile

96.1%

JSON

Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.

CPENameOperatorVersion
cisco:unified_communications_managercisco unified communications managereq4.2.3sr2
cisco:unified_communications_managercisco unified communications managereq4.2
cisco:unified_communications_managercisco unified communications managereq4.3
cisco:unified_callmanagercisco unified callmanagereq4.1
cisco:unified_callmanagercisco unified callmanagereq4.1\(3\)sr5
cisco:unified_callmanagercisco unified callmanagereq4.1\(3\)sr4
cisco:unified_callmanagercisco unified callmanagereq4.1\(3\)sr5b
cisco:unified_communications_managercisco unified communications managereq4.2.3sr2b
cisco:unified_callmanagercisco unified callmanagereq4.0

CPE	Name	Operator	Version
cisco:unified_communications_manager	cisco unified communications manager	eq	4.2.3sr2
cisco:unified_communications_manager	cisco unified communications manager	eq	4.2
cisco:unified_communications_manager	cisco unified communications manager	eq	4.3
cisco:unified_callmanager	cisco unified callmanager	eq	4.1
cisco:unified_callmanager	cisco unified callmanager	eq	4.1\(3\)sr5
cisco:unified_callmanager	cisco unified callmanager	eq	4.1\(3\)sr4
cisco:unified_callmanager	cisco unified callmanager	eq	4.1\(3\)sr5b
cisco:unified_communications_manager	cisco unified communications manager	eq	4.2.3sr2b
cisco:unified_callmanager	cisco unified callmanager	eq	4.0

References

dvlabs.tippingpoint.com/advisory/TPTI-08-02

secunia.com/advisories/28530

securityreason.com/securityalert/3551

www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml

www.securityfocus.com/archive/1/486432/100/0/threaded

www.securityfocus.com/bid/27313

www.securitytracker.com/id?1019223

www.vupen.com/english/advisories/2008/0171

exchange.xforce.ibmcloud.com/vulnerabilities/39704

8.2 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.177 Low

EPSS

Percentile

96.1%

JSON

Related for CVE-2008-0027

prion1 securityvulns3 checkpoint_advisories1 cisco1