CVE-2008-3800 — Cisco IOS vulnerability

CWE-3995 documents4 sources

Severity

7.1HIGHNVD

EPSS

1.9%

top 16.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS Cisco Unified Callmanager Cisco Unified Communications Manager

Timeline

PublishedSep 26

Latest updateMay 2

Description

Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages3 packages

▶NVDcisco/unified_communications_manager4 versions+3

▶NVDcisco/unified_callmanager4.1, 4.2, 4.3+2

▶NVDcisco/ios12.2, 12.3, 12.4+2

🔴Vulnerability Details

GHSA

GHSA-w52f-gfhm-992j: Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12↗2022-05-02

▶

CVEList

CVE-2008-3800: Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12↗2008-09-26

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities↗2008-09-24

▶

Cisco

Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities↗2008-09-24

▶