Sign-up

ID

VAR-200810-0358


CVE

CVE-2008-4544


TITLE

Cisco Unity Or used in other products Microsoft API Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2008-002358

DESCRIPTION

Unspecified vulnerability in an unspecified Microsoft API, as used by Cisco Unity and possibly other products, allows remote attackers to cause a denial of service by sending crafted packets to dynamic UDP ports, related to a "processing error.". Cisco Unity is prone to multiple remote vulnerabilities, including: - An information-disclosure vulnerability in the web interface - A denial-of-service vulnerability in the administration interface - A script-injection vulnerability in the web interface - Multiple denial-of-service vulnerabilities in unspecified services These issues are reported in Cisco Unity 7.0; other versions may also be affected. Cisco Unity is a voice and unified messaging platform. Multiple security vulnerabilities exist in Cisco Unity that could allow a malicious user to disclose sensitive information, cause a denial of service, or inject malicious scripts. If a specially crafted message is sent to a service that Unity listens on a dynamic UDP port, it can lead to a denial of service (resource exhaustion)

Trust: 1.98

sources: NVD: CVE-2008-4544 // JVNDB: JVNDB-2008-002358 // BID: 31642 // VULHUB: VHN-34669

AFFECTED PRODUCTS

vendor:ciscomodel:unityscope: - version: -

Trust: 1.4

vendor:ciscomodel:unityscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:unity es8scope:eqversion:7.0

Trust: 0.3

vendor:ciscomodel:unityscope:eqversion:7.0

Trust: 0.3

vendor:ciscomodel:unity es53scope:eqversion:5.0

Trust: 0.3

vendor:ciscomodel:unity es161scope:eqversion:4.0

Trust: 0.3

sources: BID: 31642 // JVNDB: JVNDB-2008-002358 // CNNVD: CNNVD-200810-184 // NVD: CVE-2008-4544

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-4544
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-4544
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200810-184
value: MEDIUM

Trust: 0.6

VULHUB: VHN-34669
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-4544
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-34669
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-34669 // JVNDB: JVNDB-2008-002358 // CNNVD: CNNVD-200810-184 // NVD: CVE-2008-4544

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2008-4544

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200810-184

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200810-184

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-002358

PATCH
title:107983url:http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-002358

EXTERNAL IDS
db:NVDid:CVE-2008-4544
Trust: 2.8
db:BIDid:31642
Trust: 2.0
db:SECTRACKid:1021020
Trust: 1.7
db:VUPENid:ADV-2008-2771
Trust: 1.7
db:JVNDBid:JVNDB-2008-002358
Trust: 0.8
db:XFid:45746
Trust: 0.6
db:CISCOid:20081008 VOIPSHIELD REPORTED VULNERABILITIES IN CISCO UNITY SERVER
Trust: 0.6
db:CNNVDid:CNNVD-200810-184
Trust: 0.6
db:VULHUBid:VHN-34669
Trust: 0.1
sources:
            
            
            VULHUB: VHN-34669 // 
            
            
            
            BID: 31642 // 
            
            
            
            JVNDB: JVNDB-2008-002358 // 
            
            
            
            CNNVD: CNNVD-200810-184 // 
            
            
            
            NVD: CVE-2008-4544

REFERENCES
url:http://www.securityfocus.com/bid/31642
Trust: 1.7
url:http://www.cisco.com/en/us/products/products_security_response09186a0080a0d861.html
Trust: 1.7
url:http://www.voipshield.com/research-details.php?id=129
Trust: 1.7
url:http://securitytracker.com/id?1021020
Trust: 1.7
url:http://www.vupen.com/english/advisories/2008/2771
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/45746
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4544
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4544
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/45746
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2008/2771
Trust: 0.6
url:http://www.cisco.com
Trust: 0.3
url:http://www.cisco.com/warp/public/707/cisco-sr-20081008-unity.shtml
Trust: 0.3
url:http://www.voipshield.com/research-details.php?id=129&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=desc
Trust: 0.3
url:http://www.voipshield.com/research-details.php?id=130&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=desc
Trust: 0.3
url:http://www.voipshield.com/research-details.php?id=128&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=desc
Trust: 0.3
url:http://www.voipshield.com/research-details.php?id=127&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=desc
Trust: 0.3
sources:
            
            
            VULHUB: VHN-34669 // 
            
            
            
            BID: 31642 // 
            
            
            
            JVNDB: JVNDB-2008-002358 // 
            
            
            
            CNNVD: CNNVD-200810-184 // 
            
            
            
            NVD: CVE-2008-4544

CREDITS
VoIPshield
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200810-184

SOURCES
db:VULHUBid:VHN-34669
db:BIDid:31642
db:JVNDBid:JVNDB-2008-002358
db:CNNVDid:CNNVD-200810-184
db:NVDid:CVE-2008-4544

LAST UPDATE DATE
2025-04-10T23:09:31.054000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-34669date:2017-08-08T00:00:00
db:BIDid:31642date:2016-07-05T22:01:00
db:JVNDBid:JVNDB-2008-002358date:2009-07-08T00:00:00
db:CNNVDid:CNNVD-200810-184date:2008-12-24T00:00:00
db:NVDid:CVE-2008-4544date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-34669date:2008-10-13T00:00:00
db:BIDid:31642date:2008-10-08T00:00:00
db:JVNDBid:JVNDB-2008-002358date:2009-07-08T00:00:00
db:CNNVDid:CNNVD-200810-184date:2008-10-13T00:00:00
db:NVDid:CVE-2008-4544date:2008-10-13T20:00:02.433