Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2008-05-16 CVE-2008-1745 Improper Input Validation vulnerability in Cisco Unified Communications Manager
Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115.
network
low complexity
cisco CWE-20
7.8
2008-05-16 CVE-2008-1744 Improper Input Validation vulnerability in Cisco products
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770.
network
low complexity
cisco CWE-20
7.8
2008-05-16 CVE-2008-1743 Resource Management Errors vulnerability in Cisco Unified Communications Manager
Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, aka Bug ID CSCsi98433.
network
low complexity
cisco CWE-399
7.8
2008-05-16 CVE-2008-1742 Resource Management Errors vulnerability in Cisco Unified Communications Manager
Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609.
network
low complexity
cisco CWE-399
7.8
2008-05-16 CVE-2008-1741 Improper Input Validation vulnerability in Cisco Unified Presence 6.01
The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) allows remote attackers to cause a denial of service (core dump and service interruption) via a TCP port scan, aka Bug ID CSCsj64533.
network
low complexity
cisco CWE-20
7.8
2008-05-16 CVE-2008-1740 Improper Input Validation vulnerability in Cisco Unified Presence 6.01
The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via an unspecified "stress test," aka Bug ID CSCsh20972.
network
low complexity
cisco CWE-20
7.8
2008-05-16 CVE-2008-1158 Improper Input Validation vulnerability in Cisco Unified Presence and Unified Presence Server
The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164.
network
low complexity
cisco CWE-20
7.8
2008-05-14 CVE-2008-1749 Resource Management Errors vulnerability in Cisco products
Memory leak in Cisco Content Switching Module (CSM) 4.2(3) up to 4.2(8) and Cisco Content Switching Module with SSL (CSM-S) 2.1(2) up to 2.1(7) allows remote attackers to cause a denial of service (memory consumption) via TCP segments with an unspecified combination of TCP flags.
network
low complexity
cisco CWE-399
7.8
2008-04-16 CVE-2008-1155 Information Exposure vulnerability in Cisco Network Admission Control
Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before 3.6.4.4, 4.0.x before 4.0.6, and 4.1.x before 4.1.2 allows remote attackers to obtain the shared secret for the Clean Access Server (CAS) and Clean Access Manager (CAM) by sniffing error logs.
network
low complexity
cisco CWE-200
critical
10.0
2008-04-04 CVE-2008-1154 Improper Authentication vulnerability in Cisco products
The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
cisco CWE-287
critical
10.0