Lucene search

MitreCVE-2008-4543

HistoryOct 13, 2008 - 8:00 p.m.

CVE-2008-4543

2008-10-1320:00:02

CWE-399

mitre

web.nvd.nist.gov

cisco unity

cve-2008-4543

denial of service

session exhaustion

authentication

nvd

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

AI Score

6.8

Confidence

High

EPSS

0.021

Percentile

89.3%

JSON

Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections.

Affected configurations

Nvd

Node

ciscounityRange≤4.2\(1\)

ciscounityRange≤5.0\(1\)

ciscounityRange≤7.0\(2\)

ciscounityMatch4.0

ciscounityMatch4.0\(1\)

ciscounityMatch4.0\(2\)

ciscounityMatch4.0\(3\)

ciscounityMatch4.0\(3\)sr2

ciscounityMatch4.0\(4\)

ciscounityMatch4.0\(4\)sr1

ciscounityMatch4.0\(5\)

ciscounityMatch4.1\(1\)

ciscounityMatch5.0

ciscounityMatch7.0

VendorProductVersionCPE
ciscounity*cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*
ciscounity4.0cpe:2.3:a:cisco:unity:4.0:*:*:*:*:*:*:*
ciscounity4.0(1)cpe:2.3:a:cisco:unity:4.0\(1\):*:*:*:*:*:*:*
ciscounity4.0(2)cpe:2.3:a:cisco:unity:4.0\(2\):*:*:*:*:*:*:*
ciscounity4.0(3)cpe:2.3:a:cisco:unity:4.0\(3\):*:*:*:*:*:*:*
ciscounity4.0(3)cpe:2.3:a:cisco:unity:4.0\(3\):sr2:*:*:*:*:*:*
ciscounity4.0(4)cpe:2.3:a:cisco:unity:4.0\(4\):*:*:*:*:*:*:*
ciscounity4.0(4)cpe:2.3:a:cisco:unity:4.0\(4\):sr1:*:*:*:*:*:*
ciscounity4.0(5)cpe:2.3:a:cisco:unity:4.0\(5\):*:*:*:*:*:*:*
ciscounity4.1(1)cpe:2.3:a:cisco:unity:4.1\(1\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unity	*	cpe:2.3:a:cisco:unity::::::::
cisco	unity	4.0	cpe:2.3:a:cisco:unity:4.0:::::::*
cisco	unity	4.0(1)	cpe:2.3:a:cisco:unity:4.0\(1\):::::::*
cisco	unity	4.0(2)	cpe:2.3:a:cisco:unity:4.0\(2\):::::::*
cisco	unity	4.0(3)	cpe:2.3:a:cisco:unity:4.0\(3\):::::::*
cisco	unity	4.0(3)	cpe:2.3:a:cisco:unity:4.0\(3\):sr2::::::
cisco	unity	4.0(4)	cpe:2.3:a:cisco:unity:4.0\(4\):::::::*
cisco	unity	4.0(4)	cpe:2.3:a:cisco:unity:4.0\(4\):sr1::::::
cisco	unity	4.0(5)	cpe:2.3:a:cisco:unity:4.0\(5\):::::::*
cisco	unity	4.1(1)	cpe:2.3:a:cisco:unity:4.1\(1\):::::::*

Rows per page:

1-10 of 121

References

secunia.com/advisories/32187

securitytracker.com/id?1021013

www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html

www.securityfocus.com/bid/31642

www.voipshield.com/research-details.php?id=128

www.vupen.com/english/advisories/2008/2771

exchange.xforce.ibmcloud.com/vulnerabilities/45743

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

AI Score

6.8

Confidence

High

EPSS

0.021

Percentile

89.3%

JSON

Related for CVE-2008-4543