PT-2008-2748 · Cisco · Cisco Unified Presence+3

Published

2008-04-04

Updated

2017-08-08

CVE-2008-1154

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager versions 5.x through 6.x Cisco Unified Presence versions 1.x through 6.x Cisco Emergency Responder version 2.x Cisco Mobility Manager version 2.x

Description The issue concerns the Disaster Recovery Framework master server in Cisco Unified Communications products. It does not require authentication for requests received from the network, allowing remote attackers to execute arbitrary code.

Recommendations For Cisco Unified Communications Manager versions 5.x through 6.x, update to a version that requires authentication for requests. For Cisco Unified Presence versions 1.x through 6.x, update to a version that requires authentication for requests. For Cisco Emergency Responder version 2.x, update to a version that requires authentication for requests. For Cisco Mobility Manager version 2.x, update to a version that requires authentication for requests.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2008-1154

Affected Products

Cisco Emergency Responder

Cisco Mobility Manager

Cisco Unified Communications Manager

Cisco Unified Presence

PT-2008-2748 · Cisco · Cisco Unified Presence+3

CVE-2008-1154

Weakness Enumeration

Related Identifiers

Affected Products

References · 7