CVE-2008-3814

Sažetak

Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once.

Reference

http://secunia.com/advisories/32187
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0d85f.shtml
http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html
http://www.securityfocus.com/bid/31638
http://www.securityfocus.com/bid/31642
http://www.securitytracker.com/id?1021011
http://www.voipshield.com/research-details.php?id=126
http://www.vupen.com/english/advisories/2008/2771
https://exchange.xforce.ibmcloud.com/vulnerabilities/45741

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

08-08-2017 - 01:32

Objavljeno

08-10-2008 - 22:00