CVE-2008-3800
First published: Fri Sep 26 2008(Updated: )
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco CallManager Express | =4.2 | |
| Cisco Unified Communications Manager | =5.0 | |
| Cisco IOS | =12.3 | |
| Cisco Unified Communications Manager | =6.1 | |
| Cisco CallManager Express | =4.1 | |
| Cisco CallManager Express | =4.3 | |
| Cisco IOS | =12.4 | |
| Cisco Unified Communications Manager | =4.1 | |
| Cisco IOS | =12.2 | |
| Cisco Unified Communications Manager | =5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml
- http://secunia.com/advisories/31990
- http://secunia.com/advisories/32013
- http://www.securityfocus.com/bid/31367
- http://www.vupen.com/english/advisories/2008/2670
- http://www.vupen.com/english/advisories/2008/2671
- http://www.securitytracker.com/id?1020942
- http://www.securitytracker.com/id?1020939
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086
Frequently Asked Questions
What is the severity of CVE-2008-3800?
CVE-2008-3800 is classified as a high severity vulnerability due to its potential to cause a denial of service.
How do I fix CVE-2008-3800?
To mitigate CVE-2008-3800, upgrade your Cisco IOS or Unified Communications Manager to a version that is not affected by this vulnerability.
What versions of Cisco software are affected by CVE-2008-3800?
CVE-2008-3800 affects Cisco IOS versions 12.2 through 12.4 and Unified Communications Manager versions 4.1 through 6.1.
What type of attack does CVE-2008-3800 facilitate?
CVE-2008-3800 facilitates remote denial of service attacks that can lead to device or process reload.
Is there a workaround for CVE-2008-3800?
There are no officially documented workarounds for CVE-2008-3800, thus updating to a secure version is recommended.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cisco
- canonical/cisco callmanager express
- version/cisco callmanager express/4.2
- canonical/cisco unified communications manager
- version/cisco unified communications manager/5.0
- canonical/cisco ios
- version/cisco ios/12.3
- version/cisco unified communications manager/6.1
- version/cisco callmanager express/4.1
- version/cisco callmanager express/4.3
- version/cisco ios/12.4
- version/cisco unified communications manager/4.1
- version/cisco ios/12.2
- version/cisco unified communications manager/5.1