Search...

CVE-2008-4544

2008-10-13T20:00:00

ID CVE-2008-4544
Type cve
Reporter cve@mitre.org
Modified 2017-08-08T01:32:00

Description

Unspecified vulnerability in an unspecified Microsoft API, as used by Cisco Unity and possibly other products, allows remote attackers to cause a denial of service by sending crafted packets to dynamic UDP ports, related to a "processing error."

JSON Vulners Source

Initial Source

{"id": "CVE-2008-4544", "bulletinFamily": "NVD", "title": "CVE-2008-4544", "description": "Unspecified vulnerability in an unspecified Microsoft API, as used by Cisco Unity and possibly other products, allows remote attackers to cause a denial of service by sending crafted packets to dynamic UDP ports, related to a \"processing error.\"", "published": "2008-10-13T20:00:00", "modified": "2017-08-08T01:32:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4544", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/31642", "http://securitytracker.com/id?1021020", "https://exchange.xforce.ibmcloud.com/vulnerabilities/45746", "http://www.voipshield.com/research-details.php?id=129", "http://www.vupen.com/english/advisories/2008/2771", "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"], "cvelist": ["CVE-2008-4544"], "type": "cve", "lastseen": "2021-02-02T05:35:17", "edition": 4, "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cisco", "idList": ["CISCO-SA-20081009-CVE-2008-4544"]}, {"type": "seebug", "idList": ["SSV:4235"]}], "modified": "2021-02-02T05:35:17", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-02-02T05:35:17", "rev": 2}, "vulnersScore": 6.5}, "cpe": ["cpe:/a:cisco:unity:*"], "affectedSoftware": [{"cpeName": "cisco:unity", "name": "cisco unity", "operator": "eq", "version": "*"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "ADV-2008-2771", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2008/2771"}, {"name": "20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server", "refsource": "CISCO", "tags": ["Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"}, {"name": "31642", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/31642"}, {"name": "1021020", "refsource": "SECTRACK", "tags": [], "url": "http://securitytracker.com/id?1021020"}, {"name": "cisco-unity-microsoftapi-unspecified(45746)", "refsource": "XF", "tags": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45746"}, {"name": "http://www.voipshield.com/research-details.php?id=129", "refsource": "MISC", "tags": [], "url": "http://www.voipshield.com/research-details.php?id=129"}]}

{"cisco": [{"lastseen": "2020-12-24T11:42:08", "bulletinFamily": "software", "cvelist": ["CVE-2008-4544"], "description": "Cisco Unity contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. \n\nThis vulnerability exists due to improper handling of network messages. An unauthenticated, remote attacker to exploit this vulnerability to render the Cisco Unity server unavailable, which may deny legitimate users access to the affected system.\n\nCisco confirmed this vulnerability, but updated software is not available.\n\nAttackers may require access to trusted, internal networks to connect to an affected system. An exploit could prevent the establishment of further connections with the affected system. This denial of service condition could prevent users from accessing the Cisco Unity server.", "modified": "2012-07-14T16:07:52", "published": "2008-10-09T13:53:41", "id": "CISCO-SA-20081009-CVE-2008-4544", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20081009-CVE-2008-4544", "type": "cisco", "title": "Cisco Unity Connection Exhaustion Denial of Service Vulnerability", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "seebug": [{"lastseen": "2017-11-19T21:23:51", "description": "BUGTRAQ ID: 31642\r\nCVE(CAN) ID: CVE-2008-4545,CVE-2008-4544,CVE-2008-4543,CVE-2008-4542\r\n\r\nCisco Unity\u662f\u4e00\u4e2a\u8bed\u97f3\u548c\u7edf\u4e00\u7684\u6d88\u606f\u5e73\u53f0\u3002\r\n\r\nCisco Unity\u4e2d\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5141\u8bb8\u6076\u610f\u7528\u6237\u6cc4\u9732\u654f\u611f\u4fe1\u606f\u3001\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u6ce8\u5165\u6076\u610f\u811a\u672c\u3002\r\n\r\n1) Cisco Unity\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5411\u6570\u636e\u5e93\u63d0\u4f9b\u6076\u610f\u6570\u636e\uff0c\u5f53\u4e0b\u4e00\u6b21\u7ba1\u7406\u5458\u767b\u5f55\u5e76\u8bbf\u95ee\u4f9d\u8d56\u4e8e\u5b58\u50a8\u4fe1\u606f\u7684\u9875\u9762\u65f6\uff0c\u5c31\u53ef\u4ee5\u6267\u884c\u8de8\u7ad9\u811a\u672c\u3002\r\n\r\n2) Unity\u670d\u52a1\u5668\u7684\u4f1a\u8bdd\u7ba1\u7406\u662f\u6709\u9650\u7684\uff0c\u8fd9\u5141\u8bb8\u6076\u610f\u7528\u6237\u8017\u5c3d\u6240\u6709\u53ef\u7528\u7684\u4f1a\u8bdd\u3002\u6210\u529f\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u8981\u6c42Unity\u670d\u52a1\u5668\u914d\u7f6e\u4e86\u533f\u540d\u8ba4\u8bc1\uff08\u975e\u9ed8\u8ba4\uff09\u3002\r\n\r\n3) Unity\u670d\u52a1\u5668\u6ca1\u6709\u5bf9\\CommServer\\Reports\u8bbe\u7f6e\u5b89\u5168\u7684\u6743\u9650\uff0c\u57df\u7528\u6237\u53ef\u4ee5\u83b7\u5f97\u654f\u611f\u4fe1\u606f\u3002\r\n\r\n4) \u5982\u679c\u5411Unity\u76d1\u542c\u52a8\u6001UDP\u7aef\u53e3\u7684\u670d\u52a1\u53d1\u9001\u4e86\u7279\u5236\u62a5\u6587\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u7684\u60c5\u51b5\u3002\n\nCisco Unity Server 7.0\r\nCisco Unity Server 5.0\r\nCisco Unity Server 4.2\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\nCisco\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.cisco.com/warp/public/707/advisory.html target=_blank>http://www.cisco.com/warp/public/707/advisory.html</a>", "published": "2008-10-15T00:00:00", "type": "seebug", "title": "Cisco Unity\u591a\u4e2a\u8fdc\u7a0b\u5b89\u5168\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-4542", "CVE-2008-4543", "CVE-2008-4544", "CVE-2008-4545"], "modified": "2008-10-15T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4235", "id": "SSV:4235", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}