CVE-2008-4999

Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: this issue could not be reproduced by a third party, who tested it on 0604DAD. In addition, the original researcher was not able to reliably reproduce the issue.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://securityreason.com/securityalert/4568
http://www.securityfocus.com/archive/1/488782/100/100/threaded
http://www.securityfocus.com/archive/1/488801/100/100/threaded
http://www.securityfocus.com/archive/1/488803/100/100/threaded
http://www.securityfocus.com/bid/28004
https://exchange.xforce.ibmcloud.com/vulnerabilities/40993

Configurations

Configuration 1 (hide)

cpe:2.3:h:nortel:unistim_ip_phone:0604das:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-11-07 19:36

Updated : 2023-12-10 10:51

NVD link : CVE-2008-4999

Mitre link : CVE-2008-4999

CVE.ORG link : CVE-2008-4999

JSON object : View

Products Affected

nortel

unistim_ip_phone

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2008-4999", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-11-07T19:36:24.087", "references": [{"url": "http://securityreason.com/securityalert/4568", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/488782/100/100/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/488801/100/100/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/488803/100/100/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28004", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40993", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to cause a denial of service (crash) via a long ping packet (\"ping of death\"). NOTE: this issue could not be reproduced by a third party, who tested it on 0604DAD. In addition, the original researcher was not able to reliably reproduce the issue."}, {"lang": "es", "value": "El tel\u00e9fono IP Nortel Networks UNIStim 0604DAS , permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un paquete ping largo (\"Ping de la muerte\"). Nota: Esta caracter\u00edstica no ha podido ser reproducida por terceras partes, que lo chequearon en un 0604DAD. Como a\u00f1adido, el desarrollador inicial no ha sido capaz de reproducir esta incidencia de forma fideligna.\r\n"}], "lastModified": "2018-10-11T20:53:17.313", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nortel:unistim_ip_phone:0604das:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B83A5C60-DB69-46CD-AEFB-186985904EB2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}