PT-2004-1259 · Cisco · Cisco Personal Assistant
Published: 2004-02-03 · Updated: 2017-10-10
CVE-2004-0044
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Cisco Personal Assistant versions 1.4(1) through 1.4(2)
Description
Under a specific configuration, password authentication is disabled, which allows remote attackers to gain access with only a valid username. This occurs when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager.
Recommendations
For Cisco Personal Assistant versions 1.4(1) and 1.4(2), consider disabling the "Allow Only Cisco CallManager Users" feature until a patch is available, or ensure that an alternative authentication method is enforced to prevent unauthorized access.
Fix
Related Identifiers
Affected Products
Cisco CallManager
Cisco Personal Assistant