CVE-2008-4543 | Vulnerability Database | Aqua Security

Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections.

Affected Software

Name	Vendor	Start Version	End Version
Unity	Cisco	*	4.2(1) (including)
Unity	Cisco	*	5.0(1) (including)
Unity	Cisco	*	7.0(2) (including)
Unity	Cisco	4.0 (including)	4.0 (including)
Unity	Cisco	4.0(1) (including)	4.0(1) (including)
Unity	Cisco	4.0(2) (including)	4.0(2) (including)
Unity	Cisco	4.0(3) (including)	4.0(3) (including)
Unity	Cisco	4.0(3)-sr2 (including)	4.0(3)-sr2 (including)
Unity	Cisco	4.0(4) (including)	4.0(4) (including)
Unity	Cisco	4.0(4)-sr1 (including)	4.0(4)-sr1 (including)
Unity	Cisco	4.0(5) (including)	4.0(5) (including)
Unity	Cisco	4.1(1) (including)	4.1(1) (including)
Unity	Cisco	5.0 (including)	5.0 (including)
Unity	Cisco	7.0 (including)	7.0 (including)

References

http://secunia.com/advisories/32187
http://securitytracker.com/id?1021013
http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html
http://www.securityfocus.com/bid/31642
http://www.voipshield.com/research-details.php?id=128
http://www.vupen.com/english/advisories/2008/2771
https://exchange.xforce.ibmcloud.com/vulnerabilities/45743

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-4543
CWE	https://cwe.mitre.org/data/definitions/399.html