Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1154

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-1154
Last Modified 29 Oct 2012 11:08:19
Published 04 Apr 2008 03:44:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1154

Summary

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.

Vulnerable Systems

Application

  • Cisco Emergency Responder 2.0

  • Cisco Mobility Manager 2.0

  • Cisco Unified Communications Manager 5.0

  • Cisco Unified Communications Manager 5.1

  • Cisco Unified Communications Manager 6.0

  • Cisco Unified Communications Manager 6.1

  • Cisco Unified Presence 1.0

  • Cisco Unified Presence 6.0


References

CISCO - 20080403 Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability

VUPEN - ADV-2008-1093

BID - 28591

SECTRACK - 1019768

SECUNIA - 29670

XF - cisco-drf-command-execution(41632)


Last Updated: 27 May 2016 11:01:17