CVE-2008-1154

Sažetak

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.

Reference

http://secunia.com/advisories/29670
http://securitytracker.com/id?1019768
http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml
http://www.securityfocus.com/bid/28591
http://www.vupen.com/english/advisories/2008/1093
https://exchange.xforce.ibmcloud.com/vulnerabilities/41632

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

08-08-2017 - 01:29

Objavljeno

04-04-2008 - 19:44