Vulnerability-Lookup

CVE-2008-4543 (GCVE-0-2008-4543)

Vulnerability from cvelistv5 – Published: 2008-10-13 18:00 – Updated: 2024-08-07 10:17

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/32187	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://securitytracker.com/id?1021013	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/31642	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2008/2771	vdb-entryx_refsource_VUPEN
	http://www.cisco.com/en/US/products/products_secu…	vendor-advisoryx_refsource_CISCO
	http://www.voipshield.com/research-details.php?id=128	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:17:09.819Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32187",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32187"
          },
          {
            "name": "cisco-unityserver-session-handling-dos(45743)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45743"
          },
          {
            "name": "1021013",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021013"
          },
          {
            "name": "31642",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31642"
          },
          {
            "name": "ADV-2008-2771",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2771"
          },
          {
            "name": "20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.voipshield.com/research-details.php?id=128"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-10-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "32187",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32187"
        },
        {
          "name": "cisco-unityserver-session-handling-dos(45743)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45743"
        },
        {
          "name": "1021013",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021013"
        },
        {
          "name": "31642",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31642"
        },
        {
          "name": "ADV-2008-2771",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2771"
        },
        {
          "name": "20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.voipshield.com/research-details.php?id=128"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4543",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32187",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32187"
            },
            {
              "name": "cisco-unityserver-session-handling-dos(45743)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45743"
            },
            {
              "name": "1021013",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1021013"
            },
            {
              "name": "31642",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31642"
            },
            {
              "name": "ADV-2008-2771",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2771"
            },
            {
              "name": "20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"
            },
            {
              "name": "http://www.voipshield.com/research-details.php?id=128",
              "refsource": "MISC",
              "url": "http://www.voipshield.com/research-details.php?id=128"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-4543",
    "datePublished": "2008-10-13T18:00:00",
    "dateReserved": "2008-10-13T00:00:00",
    "dateUpdated": "2024-08-07T10:17:09.819Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-4543\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-10-13T20:00:02.370\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections.\"},{\"lang\":\"es\",\"value\":\"Cisco Unity v4.x anteriores a v4.2(1)ES161, 5.x anteriores a v5.0(1)ES53, y v7.x anteriores a v7.0(2)ES8, cuando utilizan autentificaci\u00f3n an\u00f3nima (tambi\u00e9n conocida como autenticaci\u00f3n nativa Unity), permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de sesi\u00f3n) a trav\u00e9s de un gran n\u00famero de conexiones.\\r\\n\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.2\\\\(1\\\\)\",\"matchCriteriaId\":\"E0008B2C-C3EF-4C4F-AE0F-BFC2C373D68B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.0\\\\(1\\\\)\",\"matchCriteriaId\":\"FDD69DB2-FD94-403D-BD18-A25FD470C817\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.0\\\\(2\\\\)\",\"matchCriteriaId\":\"049041BD-EBC5-4971-BD51-DD63EFB2F430\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7069DF8-3006-4651-816A-855C980256FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:4.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDE9975D-17B0-4EC8-8278-A715F4BF14F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:4.0\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9555A7EC-C0B6-4F48-99BE-BCE51446CF47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:4.0\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F3E72C-FF4B-425E-A8FB-C1C4BEDDB019\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:4.0\\\\(3\\\\):sr2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6871C23B-9B4F-4621-A1C9-55D040558610\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:4.0\\\\(4\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A164F687-98DB-409D-A9C4-D04ECF6DD53F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:4.0\\\\(4\\\\):sr1:*:*:*:*:*:*\",\"matchCriteriaId\":\"255CAB12-EE1D-4DC3-B854-E0D645F4C9B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:4.0\\\\(5\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A9BA9FD-99EC-4571-ACE8-2EFD13EFEBC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:4.1\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B746D68B-C6A4-494C-9302-F4652E1E2A13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20DAD5D8-6882-48FE-AE7A-9440F47F6C2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EED32D3-A1C5-430C-8488-4D221196CB76\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/32187\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1021013\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/31642\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.voipshield.com/research-details.php?id=128\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2771\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45743\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/32187\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1021013\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/31642\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.voipshield.com/research-details.php?id=128\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2771\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45743\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2008-4543

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-4543

Aliases

CVE-2008-4543

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-4543",
    "description": "Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections.",
    "id": "GSD-2008-4543"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-4543"
      ],
      "details": "Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections.",
      "id": "GSD-2008-4543",
      "modified": "2023-12-13T01:23:00.263339Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-4543",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "32187",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32187"
          },
          {
            "name": "cisco-unityserver-session-handling-dos(45743)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45743"
          },
          {
            "name": "1021013",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1021013"
          },
          {
            "name": "31642",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/31642"
          },
          {
            "name": "ADV-2008-2771",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2771"
          },
          {
            "name": "20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"
          },
          {
            "name": "http://www.voipshield.com/research-details.php?id=128",
            "refsource": "MISC",
            "url": "http://www.voipshield.com/research-details.php?id=128"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:4.0\\(3\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:4.0\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:4.0\\(4\\):sr1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.0\\(1\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:4.0\\(5\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:4.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:4.1\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.2\\(1\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:4.0\\(3\\):sr2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:4.0\\(4\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0\\(2\\)",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4543"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "31642",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/31642"
            },
            {
              "name": "32187",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32187"
            },
            {
              "name": "20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"
            },
            {
              "name": "http://www.voipshield.com/research-details.php?id=128",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.voipshield.com/research-details.php?id=128"
            },
            {
              "name": "1021013",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1021013"
            },
            {
              "name": "ADV-2008-2771",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2771"
            },
            {
              "name": "cisco-unityserver-session-handling-dos(45743)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45743"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-08T01:32Z",
      "publishedDate": "2008-10-13T20:00Z"
    }
  }
}

FKIE_CVE-2008-4543

Vulnerability from fkie_nvd - Published: 2008-10-13 20:00 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/32187	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1021013
cve@mitre.org	http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/31642
cve@mitre.org	http://www.voipshield.com/research-details.php?id=128
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2771
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/45743
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32187	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1021013
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31642
af854a3a-2127-422b-91ae-364da2661108	http://www.voipshield.com/research-details.php?id=128
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2771
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/45743

Impacted products

Vendor	Product	Version
cisco	unity	*
cisco	unity	*
cisco	unity	*
cisco	unity	4.0
cisco	unity	4.0\(1\)
cisco	unity	4.0\(2\)
cisco	unity	4.0\(3\)
cisco	unity	4.0\(3\)
cisco	unity	4.0\(4\)
cisco	unity	4.0\(4\)
cisco	unity	4.0\(5\)
cisco	unity	4.1\(1\)
cisco	unity	5.0
cisco	unity	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0008B2C-C3EF-4C4F-AE0F-BFC2C373D68B",
              "versionEndIncluding": "4.2\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD69DB2-FD94-403D-BD18-A25FD470C817",
              "versionEndIncluding": "5.0\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "049041BD-EBC5-4971-BD51-DD63EFB2F430",
              "versionEndIncluding": "7.0\\(2\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7069DF8-3006-4651-816A-855C980256FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CDE9975D-17B0-4EC8-8278-A715F4BF14F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9555A7EC-C0B6-4F48-99BE-BCE51446CF47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "16F3E72C-FF4B-425E-A8FB-C1C4BEDDB019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0\\(3\\):sr2:*:*:*:*:*:*",
              "matchCriteriaId": "6871C23B-9B4F-4621-A1C9-55D040558610",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A164F687-98DB-409D-A9C4-D04ECF6DD53F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0\\(4\\):sr1:*:*:*:*:*:*",
              "matchCriteriaId": "255CAB12-EE1D-4DC3-B854-E0D645F4C9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0A9BA9FD-99EC-4571-ACE8-2EFD13EFEBC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B746D68B-C6A4-494C-9302-F4652E1E2A13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "20DAD5D8-6882-48FE-AE7A-9440F47F6C2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EED32D3-A1C5-430C-8488-4D221196CB76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections."
    },
    {
      "lang": "es",
      "value": "Cisco Unity v4.x anteriores a v4.2(1)ES161, 5.x anteriores a v5.0(1)ES53, y v7.x anteriores a v7.0(2)ES8, cuando utilizan autentificaci\u00f3n an\u00f3nima (tambi\u00e9n conocida como autenticaci\u00f3n nativa Unity), permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de sesi\u00f3n) a trav\u00e9s de un gran n\u00famero de conexiones.\r\n\r\n"
    }
  ],
  "id": "CVE-2008-4543",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-10-13T20:00:02.370",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32187"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1021013"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/31642"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.voipshield.com/research-details.php?id=128"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2771"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1021013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.voipshield.com/research-details.php?id=128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45743"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-62CP-8PC2-PFP9

Vulnerability from github – Published: 2022-05-02 00:11 – Updated: 2022-05-02 00:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-4543"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-10-13T20:00:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections.",
  "id": "GHSA-62cp-8pc2-pfp9",
  "modified": "2022-05-02T00:11:07Z",
  "published": "2022-05-02T00:11:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4543"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45743"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32187"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1021013"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/31642"
    },
    {
      "type": "WEB",
      "url": "http://www.voipshield.com/research-details.php?id=128"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2771"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200810-0357

Vulnerability from variot - Updated: 2025-04-10 23:09

Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections. Cisco Unity is prone to multiple remote vulnerabilities, including: - An information-disclosure vulnerability in the web interface - A denial-of-service vulnerability in the administration interface - A script-injection vulnerability in the web interface - Multiple denial-of-service vulnerabilities in unspecified services These issues are reported in Cisco Unity 7.0; other versions may also be affected. Cisco Unity is a voice and unified messaging platform. ----------------------------------------------------------------------

Do you need accurate and reliable IDS / IPS / AV detection rules?

Get in-depth vulnerability details: http://secunia.com/binary_analysis/sample_analysis/

TITLE: Cisco Unity Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA32187

VERIFY ADVISORY: http://secunia.com/advisories/32187/

CRITICAL: Less critical

IMPACT: Security Bypass, Exposure of sensitive information, DoS

WHERE:

From local network

SOFTWARE: Cisco Unity 4.x http://secunia.com/advisories/product/4386/ Cisco Unity 5.x http://secunia.com/advisories/product/20082/ Cisco Unity 7.x http://secunia.com/advisories/product/20083/

DESCRIPTION: Some vulnerabilities and a security issue have been reported in Cisco Unity, which can be exploited by malicious, local users to disclose potentially sensitive information, and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

1) An error exists within the authentication process in the Cisco Unity server, which can be exploited to bypass the authentication mechanism and view or modify certain system configuration parameters.

2) An error in the session handling in the Cisco Unity server can be exploited to cause a DoS by exhausting all available sessions.

Successful exploitation of these vulnerabilities requires that the Cisco Unity server is configured for anonymous authentication (not the default configuration).

3) A security issue is caused due to insecure permissions on "\CommServer\Reports", which can be exploited by domain users to disclose potentially sensitive information.

SOLUTION: Update to version 4.0ES161, 5.0ES53, or 7.0ES8. http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=274246502

PROVIDED AND/OR DISCOVERED BY: VoIPshield Systems

ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20081008-unity.shtml http://www.cisco.com/warp/public/707/cisco-sr-20081008-unity.shtml

VoIPshield: http://www.voipshield.com/research-details.php?id=126&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC http://www.voipshield.com/research-details.php?id=128&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC http://www.voipshield.com/research-details.php?id=130&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200810-0357",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unity",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "7.0"
      },
      {
        "model": "unity",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "unity",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "unity",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.0\\(3\\)"
      },
      {
        "model": "unity",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.0\\(4\\)"
      },
      {
        "model": "unity",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.0\\(5\\)"
      },
      {
        "model": "unity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.1\\(1\\)"
      },
      {
        "model": "unity",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.2\\(1\\)"
      },
      {
        "model": "unity",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.0\\(1\\)"
      },
      {
        "model": "unity",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.0\\(2\\)"
      },
      {
        "model": "unity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0\\(2\\)"
      },
      {
        "model": "unity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0\\(1\\)"
      },
      {
        "model": "unity",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.2(1)es161"
      },
      {
        "model": "unity",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "5.0(1)es53"
      },
      {
        "model": "unity",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.0(2)es8"
      },
      {
        "model": "unity",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.0\\(2\\)"
      },
      {
        "model": "unity",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5.0\\(1\\)"
      },
      {
        "model": "unity",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "4.2\\(1\\)"
      },
      {
        "model": "unity es8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0"
      },
      {
        "model": "unity es53",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "unity es161",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "31642"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002359"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-183"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4543"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:cisco:unity",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002359"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "VoIPshield",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-183"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-4543",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2008-4543",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-34668",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-4543",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2008-4543",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200810-183",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-34668",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2008-4543",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-34668"
      },
      {
        "db": "VULMON",
        "id": "CVE-2008-4543"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002359"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-183"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4543"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections. Cisco Unity is prone to multiple remote vulnerabilities, including:\n- An information-disclosure vulnerability in the web interface\n- A denial-of-service vulnerability in the administration interface\n- A script-injection vulnerability in the web interface\n- Multiple denial-of-service vulnerabilities in unspecified services\nThese issues are reported in Cisco Unity 7.0; other versions may also be affected. Cisco Unity is a voice and unified messaging platform. ----------------------------------------------------------------------\n\nDo you need accurate and reliable IDS / IPS / AV detection rules?\n\nGet in-depth vulnerability details:\nhttp://secunia.com/binary_analysis/sample_analysis/\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco Unity Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA32187\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/32187/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass, Exposure of sensitive information, DoS\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nCisco Unity 4.x\nhttp://secunia.com/advisories/product/4386/\nCisco Unity 5.x\nhttp://secunia.com/advisories/product/20082/\nCisco Unity 7.x\nhttp://secunia.com/advisories/product/20083/\n\nDESCRIPTION:\nSome vulnerabilities and a security issue have been reported in Cisco\nUnity, which can be exploited by malicious, local users to disclose\npotentially sensitive information, and by malicious people to bypass\ncertain security restrictions and cause a DoS (Denial of Service). \n\n1) An error exists within the authentication process in the Cisco\nUnity server, which can be exploited to bypass the authentication\nmechanism and view or modify certain system configuration\nparameters. \n\n2) An error in the session handling in the Cisco Unity server can be\nexploited to cause a DoS by exhausting all available sessions. \n\nSuccessful exploitation of these vulnerabilities requires that the\nCisco Unity server is configured for anonymous authentication (not\nthe default configuration). \n\n3) A security issue is caused due to insecure permissions on\n\"\\CommServer\\Reports\", which can be exploited by domain users to\ndisclose potentially sensitive information. \n\nSOLUTION:\nUpdate to version 4.0ES161, 5.0ES53, or 7.0ES8. \nhttp://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=274246502\n\nPROVIDED AND/OR DISCOVERED BY:\nVoIPshield Systems\n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20081008-unity.shtml\nhttp://www.cisco.com/warp/public/707/cisco-sr-20081008-unity.shtml\n\nVoIPshield:\nhttp://www.voipshield.com/research-details.php?id=126\u0026s=1\u0026threats_details=\u0026threats_category=0\u0026threats_vendor=0\u0026limit=20\u0026sort=discovered\u0026sortby=DESC\nhttp://www.voipshield.com/research-details.php?id=128\u0026s=1\u0026threats_details=\u0026threats_category=0\u0026threats_vendor=0\u0026limit=20\u0026sort=discovered\u0026sortby=DESC\nhttp://www.voipshield.com/research-details.php?id=130\u0026s=1\u0026threats_details=\u0026threats_category=0\u0026threats_vendor=0\u0026limit=20\u0026sort=discovered\u0026sortby=DESC\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-4543"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002359"
      },
      {
        "db": "BID",
        "id": "31642"
      },
      {
        "db": "VULHUB",
        "id": "VHN-34668"
      },
      {
        "db": "VULMON",
        "id": "CVE-2008-4543"
      },
      {
        "db": "PACKETSTORM",
        "id": "70765"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-4543",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "31642",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "32187",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1021013",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2771",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002359",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "45743",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20081008 VOIPSHIELD REPORTED VULNERABILITIES IN CISCO UNITY SERVER",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-183",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-34668",
        "trust": 0.1
      },
      {
        "db": "VUPEN",
        "id": "2008/2771",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2008-4543",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "70765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-34668"
      },
      {
        "db": "VULMON",
        "id": "CVE-2008-4543"
      },
      {
        "db": "BID",
        "id": "31642"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002359"
      },
      {
        "db": "PACKETSTORM",
        "id": "70765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-183"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4543"
      }
    ]
  },
  "id": "VAR-200810-0357",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-34668"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-10T23:09:30.978000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "107983",
        "trust": 0.8,
        "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002359"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-34668"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002359"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4543"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/31642"
      },
      {
        "trust": 1.8,
        "url": "http://www.cisco.com/en/us/products/products_security_response09186a0080a0d861.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.voipshield.com/research-details.php?id=128"
      },
      {
        "trust": 1.8,
        "url": "http://securitytracker.com/id?1021013"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/32187"
      },
      {
        "trust": 1.2,
        "url": "http://www.vupen.com/english/advisories/2008/2771"
      },
      {
        "trust": 1.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45743"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4543"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4543"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/45743"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/2771"
      },
      {
        "trust": 0.4,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20081008-unity.shtml"
      },
      {
        "trust": 0.4,
        "url": "http://www.voipshield.com/research-details.php?id=130\u0026s=1\u0026threats_details=\u0026threats_category=0\u0026threats_vendor=0\u0026limit=20\u0026sort=discovered\u0026sortby=desc"
      },
      {
        "trust": 0.4,
        "url": "http://www.voipshield.com/research-details.php?id=128\u0026s=1\u0026threats_details=\u0026threats_category=0\u0026threats_vendor=0\u0026limit=20\u0026sort=discovered\u0026sortby=desc"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.voipshield.com/research-details.php?id=129\u0026s=1\u0026threats_details=\u0026threats_category=0\u0026threats_vendor=0\u0026limit=20\u0026sort=discovered\u0026sortby=desc"
      },
      {
        "trust": 0.3,
        "url": "http://www.voipshield.com/research-details.php?id=127\u0026s=1\u0026threats_details=\u0026threats_category=0\u0026threats_vendor=0\u0026limit=20\u0026sort=discovered\u0026sortby=desc"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/399.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=15565"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/20082/"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/support/downloads/go/redirect.x?mdfid=274246502"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/binary_analysis/sample_analysis/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/4386/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/20083/"
      },
      {
        "trust": 0.1,
        "url": "http://www.voipshield.com/research-details.php?id=126\u0026s=1\u0026threats_details=\u0026threats_category=0\u0026threats_vendor=0\u0026limit=20\u0026sort=discovered\u0026sortby=desc"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/32187/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20081008-unity.shtml"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-34668"
      },
      {
        "db": "VULMON",
        "id": "CVE-2008-4543"
      },
      {
        "db": "BID",
        "id": "31642"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002359"
      },
      {
        "db": "PACKETSTORM",
        "id": "70765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-183"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4543"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-34668"
      },
      {
        "db": "VULMON",
        "id": "CVE-2008-4543"
      },
      {
        "db": "BID",
        "id": "31642"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002359"
      },
      {
        "db": "PACKETSTORM",
        "id": "70765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-183"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4543"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-10-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-34668"
      },
      {
        "date": "2008-10-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2008-4543"
      },
      {
        "date": "2008-10-08T00:00:00",
        "db": "BID",
        "id": "31642"
      },
      {
        "date": "2009-07-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002359"
      },
      {
        "date": "2008-10-10T16:17:34",
        "db": "PACKETSTORM",
        "id": "70765"
      },
      {
        "date": "2008-10-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200810-183"
      },
      {
        "date": "2008-10-13T20:00:02.370000",
        "db": "NVD",
        "id": "CVE-2008-4543"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-34668"
      },
      {
        "date": "2017-08-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2008-4543"
      },
      {
        "date": "2016-07-05T22:01:00",
        "db": "BID",
        "id": "31642"
      },
      {
        "date": "2009-07-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002359"
      },
      {
        "date": "2008-12-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200810-183"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2008-4543"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-183"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unity Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002359"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-183"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-4543 (GCVE-0-2008-4543)

GSD-2008-4543

FKIE_CVE-2008-4543

GHSA-62CP-8PC2-PFP9

VAR-200810-0357

Tags

Sightings

Nomenclature