CVE-2008-3802 — Cisco IOS vulnerability

CWE-39910 documents4 sources

Severity

7.1HIGHNVD

EPSS

1.0%

top 22.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS Cisco Unified Callmanager Cisco Unified Communications Manager

Timeline

PublishedSep 26

Latest updateMay 2

Description

Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (device reload) via unspecified valid SIP messages, aka Cisco bug ID CSCsk42759, a different vulnerability than CVE-2008-3800 and CVE-2008-3801.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages3 packages

▶NVDcisco/ios86 versions+85

▶NVDcisco/unified_callmanager4.1, 4.2, 4.3+2

▶NVDcisco/unified_communications_manager4 versions+3

🔴Vulnerability Details

GHSA

GHSA-w52f-gfhm-992j: Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12↗2022-05-02

▶

GHSA

GHSA-7r4m-p2w9-fj4x: Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12↗2022-05-02

▶

GHSA

GHSA-9gcq-w2xv-xvf8: Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12↗2022-05-02

▶

CVEList

CVE-2008-3802: Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12↗2008-09-26

▶

CVEList

CVE-2008-3801: Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12↗2008-09-26

▶

📋Vendor Advisories

Cisco

Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities↗2008-09-24

▶