FKIE_CVE-2008-4543

Vulnerability from fkie_nvd - Published: 2008-10-13 20:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections.
References
cve@mitre.orghttp://secunia.com/advisories/32187Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1021013
cve@mitre.orghttp://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.htmlVendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/31642
cve@mitre.orghttp://www.voipshield.com/research-details.php?id=128
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/2771
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/45743
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32187Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1021013
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31642
af854a3a-2127-422b-91ae-364da2661108http://www.voipshield.com/research-details.php?id=128
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2771
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/45743
Impacted products
Vendor Product Version
cisco unity *
cisco unity *
cisco unity *
cisco unity 4.0
cisco unity 4.0\(1\)
cisco unity 4.0\(2\)
cisco unity 4.0\(3\)
cisco unity 4.0\(3\)
cisco unity 4.0\(4\)
cisco unity 4.0\(4\)
cisco unity 4.0\(5\)
cisco unity 4.1\(1\)
cisco unity 5.0
cisco unity 7.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0008B2C-C3EF-4C4F-AE0F-BFC2C373D68B",
              "versionEndIncluding": "4.2\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD69DB2-FD94-403D-BD18-A25FD470C817",
              "versionEndIncluding": "5.0\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "049041BD-EBC5-4971-BD51-DD63EFB2F430",
              "versionEndIncluding": "7.0\\(2\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7069DF8-3006-4651-816A-855C980256FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CDE9975D-17B0-4EC8-8278-A715F4BF14F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9555A7EC-C0B6-4F48-99BE-BCE51446CF47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "16F3E72C-FF4B-425E-A8FB-C1C4BEDDB019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0\\(3\\):sr2:*:*:*:*:*:*",
              "matchCriteriaId": "6871C23B-9B4F-4621-A1C9-55D040558610",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A164F687-98DB-409D-A9C4-D04ECF6DD53F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0\\(4\\):sr1:*:*:*:*:*:*",
              "matchCriteriaId": "255CAB12-EE1D-4DC3-B854-E0D645F4C9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.0\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0A9BA9FD-99EC-4571-ACE8-2EFD13EFEBC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:4.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B746D68B-C6A4-494C-9302-F4652E1E2A13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "20DAD5D8-6882-48FE-AE7A-9440F47F6C2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EED32D3-A1C5-430C-8488-4D221196CB76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections."
    },
    {
      "lang": "es",
      "value": "Cisco Unity v4.x anteriores a v4.2(1)ES161, 5.x anteriores a v5.0(1)ES53, y v7.x anteriores a v7.0(2)ES8, cuando utilizan autentificaci\u00f3n an\u00f3nima (tambi\u00e9n conocida como autenticaci\u00f3n nativa Unity), permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de sesi\u00f3n) a trav\u00e9s de un gran n\u00famero de conexiones.\r\n\r\n"
    }
  ],
  "id": "CVE-2008-4543",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-10-13T20:00:02.370",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32187"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1021013"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/31642"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.voipshield.com/research-details.php?id=128"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2771"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1021013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.voipshield.com/research-details.php?id=128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45743"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.