CVE-2008-1746 โ€” Improper Input Validation in Cisco Unified Communications Manager

CWE-20 โ€” Improper Input ValidationCWE-3994 documents4 sources
Severity
7.8HIGHNVD
EPSS
1.9%
top 16.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unified Communications Manager
Timeline
PublishedMay 16
Latest updateMay 1

Description

The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and service restart) via a series of malformed UDP packets, as demonstrated by the IP Stack Integrity Checker (ISIC), aka Bug ID CSCsj24113.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-r5fm-h248-qf2j: The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4โ†—2022-05-01
โ–ถ
CVEList
CVE-2008-1746: The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4โ†—2008-05-16
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Cisco
Cisco Unified Communications Manager Denial of Service Vulnerabilitiesโ†—2008-05-14
โ–ถ
CVE-2008-1746 โ€” Improper Input Validation in Cisco | cvebase