CVE-2008-3810 β€” Improper Input Validation in Cisco IOS

CWE-20 β€” Improper Input ValidationCWE-3997 documents4 sources
Severity
7.8HIGHNVD
EPSS
1.9%
top 16.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedSep 26
Latest updateMay 2

Description

Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka CSCsg22426, a different vulnerability than CVE-2008-3811.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

β–ΆNVDcisco/ios17 versions+16

πŸ”΄Vulnerability Details

4
GHSA
GHSA-cgmg-28mj-xfpc: Cisco IOS 12β†—2022-05-02
β–Ά
GHSA
GHSA-q6pw-h64c-4qqr: Cisco IOS 12β†—2022-05-02
β–Ά
CVEList
CVE-2008-3811: Cisco IOS 12β†—2008-09-26
β–Ά
CVEList
CVE-2008-3810: Cisco IOS 12β†—2008-09-26
β–Ά

πŸ“‹Vendor Advisories

1
Cisco
Cisco IOS NAT Skinny Call Control Protocol Vulnerability↗2008-09-24
β–Ά
CVE-2008-3810 β€” Improper Input Validation in Cisco IOS | cvebase