CVE-2008-3801

Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/31990	Third Party Advisory
http://secunia.com/advisories/32013	Third Party Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml	Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml	Vendor Advisory
http://www.securityfocus.com/bid/31367	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1020939	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1020942	Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/2670	Permissions Required
http://www.vupen.com/english/advisories/2008/2671	Permissions Required
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6047	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unified_callmanager:4.1:::::::*
	cpe:2.3:a:cisco:unified_callmanager:4.2:::::::*
	cpe:2.3:a:cisco:unified_callmanager:4.3:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:5.0:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:5.1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.1:::::::*
	cpe:2.3:o:cisco:ios:12.2:::::::*
	cpe:2.3:o:cisco:ios:12.3:::::::*
	cpe:2.3:o:cisco:ios:12.4:::::::*

History

No history.

Information

Published : 2008-09-26 16:21

Updated : 2022-06-02 17:12

NVD link : CVE-2008-3801

Mitre link : CVE-2008-3801

CVE.ORG link : CVE-2008-3801

JSON object : View

Products Affected

cisco

unified_callmanager
ios
unified_communications_manager

CWE

NVD-CWE-noinfo

{"id": "CVE-2008-3801", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-09-26T16:21:44.080", "references": [{"url": "http://secunia.com/advisories/31990", "tags": ["Third Party Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://secunia.com/advisories/32013", "tags": ["Third Party Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/31367", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id?1020939", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id?1020942", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.vupen.com/english/advisories/2008/2670", "tags": ["Permissions Required"], "source": "ykramarz@cisco.com"}, {"url": "http://www.vupen.com/english/advisories/2008/2671", "tags": ["Permissions Required"], "source": "ykramarz@cisco.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6047", "tags": ["Third Party Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802."}, {"lang": "es", "value": "Vulnerabilidad no especificada en la implementaci\u00f3n de la Session Initiation Protocol en Cisco IOS v12.2 a la v12.4 y Unified Communications Manager v4.1 a la v6.1, cuando VoIP est\u00e1 configurada, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (reinicio de proceso o de dispositivo) a trav\u00e9s de mensajes SIP v\u00e1lidos no especificados. Vulnerabilidad distinta de CVE-2008-3800 y CVE-2008-3802."}], "lastModified": "2022-06-02T17:12:15.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_callmanager:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC772518-51CC-4692-BEB2-2C9C2A215F44"}, {"criteria": "cpe:2.3:a:cisco:unified_callmanager:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A5E0999-9FB7-4255-A8CF-5D74E70FD56A"}, {"criteria": "cpe:2.3:a:cisco:unified_callmanager:4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50BA656D-4103-4BE7-9C8A-BDC9580B7E4C"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E29A61E-334B-4F95-9B47-8F53A4DB3EB0"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2AF68FA-433F-46F2-B309-B60A108BECFA"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "640BFEE2-B364-411E-B641-7471B88ED7CC"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BC6EF34-D23D-45CA-A907-A47993CC061E"}, {"criteria": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4BC49F2-3DCB-45F0-9030-13F6415EE178"}, {"criteria": "cpe:2.3:o:cisco:ios:12.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0668C45B-9D25-424B-B876-C1721BFFE5DA"}, {"criteria": "cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D4D8C72-E7BB-40BF-9AE5-622794D63E09"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}