CVE-2008-3800

Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml	Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml	Vendor Advisory
http://secunia.com/advisories/31990	Third Party Advisory
http://secunia.com/advisories/32013	Third Party Advisory
http://www.securityfocus.com/bid/31367	Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/2670	Permissions Required
http://www.vupen.com/english/advisories/2008/2671	Permissions Required
http://www.securitytracker.com/id?1020942	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1020939	Broken Link Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086	Broken Link

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unified_callmanager:4.2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:5.0:::::::*
	cpe:2.3:o:cisco:ios:12.3:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.1:::::::*
	cpe:2.3:a:cisco:unified_callmanager:4.1:::::::*
	cpe:2.3:a:cisco:unified_callmanager:4.3:::::::*
	cpe:2.3:o:cisco:ios:12.4:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.1:::::::*
	cpe:2.3:o:cisco:ios:12.2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:5.1:::::::*

Information

Published : 2008-09-26 09:21

Updated : 2022-06-02 10:11

NVD link : CVE-2008-3800

Mitre link : CVE-2008-3800

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

cisco

unified_callmanager
ios
unified_communications_manager

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml", "name": "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml", "name": "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://secunia.com/advisories/31990", "name": "31990", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/32013", "name": "32013", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/31367", "name": "31367", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2008/2670", "name": "ADV-2008-2670", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2008/2671", "name": "ADV-2008-2671", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://www.securitytracker.com/id?1020942", "name": "1020942", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.securitytracker.com/id?1020939", "name": "1020939", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086", "name": "oval:org.mitre.oval:def:6086", "tags": ["Broken Link"], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-3800", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-09-26T16:21Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:unified_callmanager:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_callmanager:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_callmanager:4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-06-02T17:11Z"}