CVE-2008-1154

2008-04-0419:44:00

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

0.111

Percentile

95.3%

JSON

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.

Affected configurations

Nvd

Node

ciscoemergency_responderMatch2.0

ciscomobility_managerMatch2.0

ciscounified_communications_managerMatch5.0

ciscounified_communications_managerMatch5.1

ciscounified_communications_managerMatch6.0

ciscounified_communications_managerMatch6.1

ciscounified_presenceMatch1.0

ciscounified_presenceMatch6.0

VendorProductVersionCPE
ciscoemergency_responder2.0cpe:2.3:a:cisco:emergency_responder:2.0:*:*:*:*:*:*:*
ciscomobility_manager2.0cpe:2.3:a:cisco:mobility_manager:2.0:*:*:*:*:*:*:*
ciscounified_communications_manager5.0cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*
ciscounified_communications_manager5.1cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*
ciscounified_communications_manager6.0cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*
ciscounified_communications_manager6.1cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*
ciscounified_presence1.0cpe:2.3:a:cisco:unified_presence:1.0:*:*:*:*:*:*:*
ciscounified_presence6.0cpe:2.3:a:cisco:unified_presence:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	emergency_responder	2.0	cpe:2.3:a:cisco:emergency_responder:2.0:::::::*
cisco	mobility_manager	2.0	cpe:2.3:a:cisco:mobility_manager:2.0:::::::*
cisco	unified_communications_manager	5.0	cpe:2.3:a:cisco:unified_communications_manager:5.0:::::::*
cisco	unified_communications_manager	5.1	cpe:2.3:a:cisco:unified_communications_manager:5.1:::::::*
cisco	unified_communications_manager	6.0	cpe:2.3:a:cisco:unified_communications_manager:6.0:::::::*
cisco	unified_communications_manager	6.1	cpe:2.3:a:cisco:unified_communications_manager:6.1:::::::*
cisco	unified_presence	1.0	cpe:2.3:a:cisco:unified_presence:1.0:::::::*
cisco	unified_presence	6.0	cpe:2.3:a:cisco:unified_presence:6.0:::::::*