CVE-2008-1154

Loading...

General

Score:10.0/10.0
Severity:High
Category:Access Control Error
Exploit:Available

Impact Metrics

Confidentiality:Complete
Integrity:Complete
Availability:Complete

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Published on 04/04/08 - Updated on 08/08/17

Description

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.

Category: Access Control Error

CWE-287 (Authentication Issues)
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Security Notices

US National Vulnerability DatabaseCVE-2008-1154
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2008-AVI-180
Renater 2008/VULN110

Exploits

SecurityFocusBID-28591

Relative technologies

VendorProduct
ciscoemergency_responder
ciscomobility_manager
ciscounified_communications_manager
ciscounified_presence

Share this vulnerability with:

Twitter Facebook LinkedIn Mail