CyberSec.Space Logo
Back to CVE Browser

CVE-2008-0027

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1720%
EPSS Percentile34.47th
PublishedJan 17, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.

Affected Platforms (CPE)

πŸ“¦
Cisco

Unified Callmanager

= 4.0
πŸ“¦
Cisco

Unified Callmanager

= 4.1
πŸ“¦
Cisco

Unified Callmanager

= 4.1\(3\)sr4
πŸ“¦
Cisco

Unified Callmanager

= 4.1\(3\)sr5
πŸ“¦
Cisco

Unified Callmanager

= 4.1\(3\)sr5b
πŸ“¦
Cisco

Unified Communications Manager

= 4.2
πŸ“¦
Cisco

Unified Communications Manager

= 4.2.3sr2
πŸ“¦
Cisco

Unified Communications Manager

= 4.2.3sr2b
πŸ“¦
Cisco

Unified Communications Manager

= 4.3

References & Advisories

πŸ”— http://dvlabs.tippingpoint.com/advisory/TPTI-08-02
πŸ”— http://secunia.com/advisories/28530
πŸ”— http://securityreason.com/securityalert/3551
πŸ”— http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml
πŸ”— http://www.securityfocus.com/archive/1/486432/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/27313
πŸ”— http://www.securitytracker.com/id?1019223
πŸ”— http://www.vupen.com/english/advisories/2008/0171

Related Vulnerabilities

CVE-2011-164310.0

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 an...

CVE-2006-527810.0

Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Mana...

CVE-2007-553810.0

Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) ...

CVE-2006-52779.3

Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (C...