CVE-2008-1748

{"id": "CVE-2008-1748", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-05-16T12:54:00.000", "references": [{"url": "http://secunia.com/advisories/30238", "tags": ["Third Party Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://securitytracker.com/id?1020022", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/29221", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.vupen.com/english/advisories/2008/1533", "tags": ["Permissions Required"], "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42419", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355."}, {"lang": "es", "value": "Cisco Unified Communications Manager 4.1 versiones anteriores a 4.1(3)SR7, 4.2 versiones anteriores a 4.2(3)SR4, 4.3 versiones anteriores a 4.3(2), 5.x versiones anteriores a 5.1(3), y 6.x versiones anteriores a 6.1(1) no valida apropiadamente URLs SIP, lo cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (interrupci\u00f3n del servicio) a trav\u00e9s de un mensaje SIP INVITE, tambi\u00e9n conocido como ug ID CSCsl22355."}], "lastModified": "2019-08-01T12:13:34.027", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9052FB98-E267-4D79-9F3E-BFC79FAF95B5", "versionEndExcluding": "4.1\\(3\\)sr7", "versionStartIncluding": "4.1"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D27236B-0B95-4899-B1AF-0E75D8B6044F", "versionEndExcluding": "4.2\\(3\\)sr4", "versionStartIncluding": "4.2"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6012B9A6-B140-4076-9BA8-FB419A7FDA9C", "versionEndExcluding": "4.3\\(2\\)", "versionStartIncluding": "4.3"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4013A936-92B1-4579-ABD3-B57A80A8C8E0", "versionEndExcluding": "5.1\\(3\\)", "versionStartIncluding": "5.0"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "795C8E07-9671-4B8D-ABC6-D373F49D0244", "versionEndExcluding": "6.1\\(1\\)", "versionStartIncluding": "6.0"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}