CyberSec.Space Logo
CVEブラウザに戻る

CVE-2008-0027

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1720%
EPSS Percentile34.47th
Published2008年1月17日
Last Modified2026年4月23日

Vulnerability Description

Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.

Affected Platforms (CPE)

📦
Cisco

Unified Callmanager

= 4.0
📦
Cisco

Unified Callmanager

= 4.1
📦
Cisco

Unified Callmanager

= 4.1\(3\)sr4
📦
Cisco

Unified Callmanager

= 4.1\(3\)sr5
📦
Cisco

Unified Callmanager

= 4.1\(3\)sr5b
📦
Cisco

Unified Communications Manager

= 4.2
📦
Cisco

Unified Communications Manager

= 4.2.3sr2
📦
Cisco

Unified Communications Manager

= 4.2.3sr2b
📦
Cisco

Unified Communications Manager

= 4.3

References & Advisories

🔗 http://dvlabs.tippingpoint.com/advisory/TPTI-08-02
🔗 http://secunia.com/advisories/28530
🔗 http://securityreason.com/securityalert/3551
🔗 http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml
🔗 http://www.securityfocus.com/archive/1/486432/100/0/threaded
🔗 http://www.securityfocus.com/bid/27313
🔗 http://www.securitytracker.com/id?1019223
🔗 http://www.vupen.com/english/advisories/2008/0171

関連する脆弱性情報

CVE-2011-164310.0

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 an...

CVE-2006-527810.0

Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Mana...

CVE-2007-553810.0

Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) ...

CVE-2006-52779.3

Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (C...