CVE-2008-0027

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Communications Manager; Unified Callmanager
Vendor: CVE Published:; 17 January 2008

Summary

Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.

References

http://www.securityfocus.com/archive/1/486432/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.vupen.com/english/advisories/2008/0171

vdb-entryx_refsource_VUPEN

http://securityreason.com/securityalert/3551

third-party-advisoryx_refsource_SREASON

EPSS Score

18% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 17, 2008
Vulnerability Reserved
Dec 17, 2007