CVE-2008-3801
First published: Fri Sep 26 2008(Updated: )
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco CallManager Express | =4.1 | |
| Cisco CallManager Express | =4.2 | |
| Cisco CallManager Express | =4.3 | |
| Cisco Unified Communications Manager | =4.1 | |
| Cisco Unified Communications Manager | =5.0 | |
| Cisco Unified Communications Manager | =5.1 | |
| Cisco Unified Communications Manager | =6.1 | |
| Cisco IOS | =12.2 | |
| Cisco IOS | =12.3 | |
| Cisco IOS | =12.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml
- http://secunia.com/advisories/32013
- http://secunia.com/advisories/31990
- http://www.securityfocus.com/bid/31367
- http://www.vupen.com/english/advisories/2008/2670
- http://www.vupen.com/english/advisories/2008/2671
- http://www.securitytracker.com/id?1020942
- http://www.securitytracker.com/id?1020939
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6047
Frequently Asked Questions
What is the severity of CVE-2008-3801?
CVE-2008-3801 has been rated with a high severity due to its potential to cause a denial of service.
How do I fix CVE-2008-3801?
To fix CVE-2008-3801, upgrade the affected Cisco IOS or Unified Communications Manager software to a version that includes the security patch.
What versions are affected by CVE-2008-3801?
CVE-2008-3801 affects Cisco IOS versions 12.2 through 12.4 and Unified Communications Manager versions 4.1 through 6.1.
Can CVE-2008-3801 be exploited remotely?
Yes, CVE-2008-3801 can be exploited remotely by attackers when VoIP is configured.
What type of attack does CVE-2008-3801 facilitate?
CVE-2008-3801 facilitates a denial of service attack that may result in device or process reload.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/cisco
- canonical/cisco callmanager express
- version/cisco callmanager express/4.1
- version/cisco callmanager express/4.2
- version/cisco callmanager express/4.3
- canonical/cisco unified communications manager
- version/cisco unified communications manager/4.1
- version/cisco unified communications manager/5.0
- version/cisco unified communications manager/5.1
- version/cisco unified communications manager/6.1
- canonical/cisco ios
- version/cisco ios/12.2
- version/cisco ios/12.3
- version/cisco ios/12.4