Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3814

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2008-3814
Last Modified 18 May 2011 12:00:00
Published 08 Oct 2008 06:00:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3814

Summary

Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once.

Vulnerable Systems

Application

  • Cisco Unity 4.0

  • Cisco Unity 4.0%281%29

  • Cisco Unity 4.0%282%29

  • Cisco Unity 4.0%283%29

  • Cisco Unity 4.0%284%29

  • Cisco Unity 4.0%285%29

  • Cisco Unity 4.1%281%29

  • Cisco Unity 4.2%281%29

  • Cisco Unity 5.0

  • Cisco Unity 5.0%281%29

  • Cisco Unity 7.0

  • Cisco Unity 7.0%282%29


References

CISCO - 20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server

CISCO - 20081008 Authentication Bypass in Cisco Unity

XF - unityserver-anonymous-authentication-bypass(45741)

VUPEN - ADV-2008-2771

MISC - http://www.voipshield.com/research-details.php?id=126

SECTRACK - 1021011

BID - 31642

BID - 31638

SECUNIA - 32187


Last Updated: 27 May 2016 10:48:18