Vulnerability Details : CVE-2008-4999
Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: this issue could not be reproduced by a third party, who tested it on 0604DAD. In addition, the original researcher was not able to reliably reproduce the issue.
Vulnerability category: Input validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2008-4999
Probability of exploitation activity in the next 30 days: 12.73%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-4999
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST |
CWE ids for CVE-2008-4999
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-4999
-
http://www.securityfocus.com/archive/1/488801/100/100/threaded
-
http://www.securityfocus.com/bid/28004
-
http://www.securityfocus.com/archive/1/488782/100/100/threaded
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/40993
-
http://securityreason.com/securityalert/4568
-
http://www.securityfocus.com/archive/1/488803/100/100/threaded
Products affected by CVE-2008-4999
- cpe:2.3:h:nortel:unistim_ip_phone:0604das:*:*:*:*:*:*:*