CVE-2008-4543 - OpenCVE

Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Unity

Configuration 1 [-]

OR	cpe:2.3:a:cisco:unity::::::::
	cpe:2.3:a:cisco:unity::::::::
	cpe:2.3:a:cisco:unity::::::::
	cpe:2.3:a:cisco:unity:4.0:::::::*
	cpe:2.3:a:cisco:unity:4.0\(1\):::::::*
	cpe:2.3:a:cisco:unity:4.0\(2\):::::::*
	cpe:2.3:a:cisco:unity:4.0\(3\):::::::*
	cpe:2.3:a:cisco:unity:4.0\(3\):sr2::::::
	cpe:2.3:a:cisco:unity:4.0\(4\):::::::*
	cpe:2.3:a:cisco:unity:4.0\(4\):sr1::::::
	cpe:2.3:a:cisco:unity:4.0\(5\):::::::*
	cpe:2.3:a:cisco:unity:4.1\(1\):::::::*
	cpe:2.3:a:cisco:unity:5.0:::::::*
	cpe:2.3:a:cisco:unity:7.0:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/32187
http://securitytracker.com/id?1021013
http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html
http://www.securityfocus.com/bid/31642
http://www.voipshield.com/research-details.php?id=128
http://www.vupen.com/english/advisories/2008/2771
https://exchange.xforce.ibmcloud.com/vulnerabilities/45743

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-10-13T18:00:00

Updated: 2024-08-07T10:17:09.819Z

Reserved: 2008-10-13T00:00:00

Link: CVE-2008-4543

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-10-13T20:00:02.370

Modified: 2017-08-08T01:32:44.013

Link: CVE-2008-4543

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-10-08T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "32187", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32187"}, {"name": "cisco-unityserver-session-handling-dos(45743)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45743"}, {"name": "1021013", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1021013"}, {"name": "31642", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31642"}, {"name": "ADV-2008-2771", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2771"}, {"name": "20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.voipshield.com/research-details.php?id=128"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4543", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "32187", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32187"}, {"name": "cisco-unityserver-session-handling-dos(45743)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45743"}, {"name": "1021013", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1021013"}, {"name": "31642", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31642"}, {"name": "ADV-2008-2771", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2771"}, {"name": "20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"}, {"name": "http://www.voipshield.com/research-details.php?id=128", "refsource": "MISC", "url": "http://www.voipshield.com/research-details.php?id=128"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:17:09.819Z"}, "title": "CVE Program Container", "references": [{"name": "32187", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32187"}, {"name": "cisco-unityserver-session-handling-dos(45743)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45743"}, {"name": "1021013", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1021013"}, {"name": "31642", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31642"}, {"name": "ADV-2008-2771", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2771"}, {"name": "20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.voipshield.com/research-details.php?id=128"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4543", "datePublished": "2008-10-13T18:00:00", "dateReserved": "2008-10-13T00:00:00", "dateUpdated": "2024-08-07T10:17:09.819Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0008B2C-C3EF-4C4F-AE0F-BFC2C373D68B", "versionEndIncluding": "4.2\\(1\\)", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDD69DB2-FD94-403D-BD18-A25FD470C817", "versionEndIncluding": "5.0\\(1\\)", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*", "matchCriteriaId": "049041BD-EBC5-4971-BD51-DD63EFB2F430", "versionEndIncluding": "7.0\\(2\\)", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E7069DF8-3006-4651-816A-855C980256FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity:4.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "CDE9975D-17B0-4EC8-8278-A715F4BF14F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity:4.0\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "9555A7EC-C0B6-4F48-99BE-BCE51446CF47", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity:4.0\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "16F3E72C-FF4B-425E-A8FB-C1C4BEDDB019", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity:4.0\\(3\\):sr2:*:*:*:*:*:*", "matchCriteriaId": "6871C23B-9B4F-4621-A1C9-55D040558610", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity:4.0\\(4\\):*:*:*:*:*:*:*", "matchCriteriaId": "A164F687-98DB-409D-A9C4-D04ECF6DD53F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity:4.0\\(4\\):sr1:*:*:*:*:*:*", "matchCriteriaId": "255CAB12-EE1D-4DC3-B854-E0D645F4C9B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity:4.0\\(5\\):*:*:*:*:*:*:*", "matchCriteriaId": "0A9BA9FD-99EC-4571-ACE8-2EFD13EFEBC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity:4.1\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "B746D68B-C6A4-494C-9302-F4652E1E2A13", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "20DAD5D8-6882-48FE-AE7A-9440F47F6C2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5EED32D3-A1C5-430C-8488-4D221196CB76", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections."}, {"lang": "es", "value": "Cisco Unity v4.x anteriores a v4.2(1)ES161, 5.x anteriores a v5.0(1)ES53, y v7.x anteriores a v7.0(2)ES8, cuando utilizan autentificaci\u00f3n an\u00f3nima (tambi\u00e9n conocida como autenticaci\u00f3n nativa Unity), permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de sesi\u00f3n) a trav\u00e9s de un gran n\u00famero de conexiones.\r\n\r\n"}], "id": "CVE-2008-4543", "lastModified": "2017-08-08T01:32:44.013", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-10-13T20:00:02.370", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32187"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1021013"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31642"}, {"source": "cve@mitre.org", "url": "http://www.voipshield.com/research-details.php?id=128"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2771"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45743"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}