CVE-2008-3801

Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml	Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml	Vendor Advisory
http://secunia.com/advisories/32013	Third Party Advisory
http://secunia.com/advisories/31990	Third Party Advisory
http://www.securityfocus.com/bid/31367	Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/2670	Permissions Required
http://www.vupen.com/english/advisories/2008/2671	Permissions Required
http://www.securitytracker.com/id?1020942	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1020939	Broken Link Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6047	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unified_callmanager:4.2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:5.0:::::::*
	cpe:2.3:o:cisco:ios:12.3:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.1:::::::*
	cpe:2.3:a:cisco:unified_callmanager:4.1:::::::*
	cpe:2.3:a:cisco:unified_callmanager:4.3:::::::*
	cpe:2.3:o:cisco:ios:12.4:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.1:::::::*
	cpe:2.3:o:cisco:ios:12.2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:5.1:::::::*

Information

Published : 2008-09-26 09:21

Updated : 2022-06-02 10:12

NVD link : CVE-2008-3801

Mitre link : CVE-2008-3801

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

cisco

unified_callmanager
ios
unified_communications_manager

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml", "name": "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml", "name": "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://secunia.com/advisories/32013", "name": "32013", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/31990", "name": "31990", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/31367", "name": "31367", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2008/2670", "name": "ADV-2008-2670", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2008/2671", "name": "ADV-2008-2671", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://www.securitytracker.com/id?1020942", "name": "1020942", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.securitytracker.com/id?1020939", "name": "1020939", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6047", "name": "oval:org.mitre.oval:def:6047", "tags": ["Third Party Advisory"], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-3801", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-09-26T16:21Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:unified_callmanager:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_callmanager:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_callmanager:4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-06-02T17:12Z"}

7.1 /10