Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1760

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-1760
Last Modified 05 Sep 2008 04:42:16
Published 21 Jan 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1760

Summary

The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.

Vulnerable Systems

Operating System

  • Cisco Conference Connection 1.1%281%29

  • Cisco Conference Connection 1.2

Application

  • Cisco Emergency Responder 1.1

  • Cisco Ip Call Center Express Enhanced 3.0

  • Cisco Ip Call Center Express Standard 3.0

  • Cisco Ip Interactive Voice Response 3.0

  • Cisco Personal Assistant 1.3%281%29

  • Cisco Personal Assistant 1.3%282%29

  • Cisco Personal Assistant 1.3%283%29

  • Cisco Personal Assistant 1.3%284%29

  • Cisco Personal Assistant 1.4%281%29

  • Cisco Personal Assistant 1.4%282%29

  • Ibm Director Agent 2.2

  • Ibm Director Agent 3.11


References

CERT-VN - VU#602734

XF - ciscovoice-ibmservers-admin-access(14900)

BID - 9468

CISCO - 20040121 Voice Product Vulnerabilities on IBM Servers

SECUNIA - 10696

SECTRACK - 1008814

OSVDB - 3692

CIAC - O-066


Last Updated: 27 May 2016 10:39:10