CVE-2008-0027

critical Cisco
CVSS v3 Base Score
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Score
35.5%
Exploitation probability in 30 days
Top 3% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: January 17, 2008 (6692 days ago)
Last Modified: April 23, 2026
Vendor: Cisco
Source: NVD

Description

Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.

CWE

CWE-119

Affected Products

cisco unified callmanagercisco unified communications manager

References

🔗 dvlabs.tippingpoint.com 🔗 secunia.com 🔗 securityreason.com 🔗 www.cisco.com 🔗 www.securityfocus.com