CVE-2008-1748 — Improper Input Validation in Cisco Unified Communications Manager

CWE-20 — Improper Input Validation CWE-3995 documents5 sources

Severity

7.8HIGHNVD

EPSS

2.2%

top 15.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager

Timeline

PublishedMay 16

Latest updateMay 1

Description

Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/unified_communications_manager4.1 — 4.1\(3\)sr7+4

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-3pw9-xq5q-xv5f: Cisco Unified Communications Manager 4↗2022-05-01

▶

CVEList

CVE-2008-1748: Cisco Unified Communications Manager 4↗2008-05-16

▶

💥Exploits & PoCs

Exploit-DB

PHP-Address Book 3.1.5 - SQL Injection / Cross-Site Scripting↗2008-06-04

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager Denial of Service Vulnerabilities↗2008-05-14

▶