CVE-2008-3800

Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/31990	Third Party Advisory
http://secunia.com/advisories/32013	Third Party Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml	Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml	Vendor Advisory
http://www.securityfocus.com/bid/31367	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1020939	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1020942	Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/2670	Permissions Required
http://www.vupen.com/english/advisories/2008/2671	Permissions Required
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086	Broken Link

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unified_callmanager:4.1:::::::*
	cpe:2.3:a:cisco:unified_callmanager:4.2:::::::*
	cpe:2.3:a:cisco:unified_callmanager:4.3:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:5.0:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:5.1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.1:::::::*
	cpe:2.3:o:cisco:ios:12.2:::::::*
	cpe:2.3:o:cisco:ios:12.3:::::::*
	cpe:2.3:o:cisco:ios:12.4:::::::*

History

02 Jun 2022, 17:11

Type	Values Removed	Values Added
References	~~(VUPEN) http://www.vupen.com/english/advisories/2008/2671 -~~	(VUPEN) http://www.vupen.com/english/advisories/2008/2671 - Permissions Required
References	~~(CISCO) http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml - Patch~~	(CISCO) http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml - Vendor Advisory
References	~~(SECUNIA) http://secunia.com/advisories/32013 -~~	(SECUNIA) http://secunia.com/advisories/32013 - Third Party Advisory
References	~~(SECTRACK) http://www.securitytracker.com/id?1020939 -~~	(SECTRACK) http://www.securitytracker.com/id?1020939 - Broken Link, Third Party Advisory, VDB Entry
References	~~(VUPEN) http://www.vupen.com/english/advisories/2008/2670 -~~	(VUPEN) http://www.vupen.com/english/advisories/2008/2670 - Permissions Required
References	~~(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086 -~~	(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086 - Broken Link
References	~~(CISCO) http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml - Patch~~	(CISCO) http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml - Vendor Advisory
References	~~(SECUNIA) http://secunia.com/advisories/31990 -~~	(SECUNIA) http://secunia.com/advisories/31990 - Third Party Advisory
References	~~(SECTRACK) http://www.securitytracker.com/id?1020942 -~~	(SECTRACK) http://www.securitytracker.com/id?1020942 - Broken Link, Third Party Advisory, VDB Entry
References	~~(BID) http://www.securityfocus.com/bid/31367 -~~	(BID) http://www.securityfocus.com/bid/31367 - Third Party Advisory, VDB Entry
CPE	cpe:2.3:h:cisco:ios:12.4:::::::* cpe:2.3:h:cisco:ios:12.3:::::::* cpe:2.3:h:cisco:ios:12.2:::::::*	cpe:2.3:o:cisco:ios:12.2:::::::* cpe:2.3:o:cisco:ios:12.3:::::::* cpe:2.3:o:cisco:ios:12.4:::::::*

Information

Published : 2008-09-26 16:21

Updated : 2023-12-10 10:51

NVD link : CVE-2008-3800

Mitre link : CVE-2008-3800

CVE.ORG link : CVE-2008-3800

JSON object : View

Products Affected

cisco

ios
unified_communications_manager
unified_callmanager

CWE

NVD-CWE-noinfo

7.1 /10