Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4545

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2008-4545
Last Modified 07 Mar 2011 10:12:38
Published 13 Oct 2008 04:00:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-4545

Summary

Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8 uses weak permissions for the D:\CommServer\Reports directory, which allows remote authenticated users to obtain sensitive information by reading files in this directory.

Vulnerable Systems

Application

  • Cisco Unity 4.0

  • Cisco Unity 4.0%281%29

  • Cisco Unity 4.0%282%29

  • Cisco Unity 4.0%283%29

  • Cisco Unity 4.0%284%29

  • Cisco Unity 4.0%285%29

  • Cisco Unity 4.1%281%29

  • Cisco Unity 4.2%281%29

  • Cisco Unity 5.0

  • Cisco Unity 5.0%281%29

  • Cisco Unity 7.0

  • Cisco Unity 7.0%282%29


References

XF - unityserver-reports-information-disclosure(45742)

VUPEN - ADV-2008-2771

MISC - http://www.voipshield.com/research-details.php?id=130

BID - 31642

CISCO - 20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server

SECTRACK - 1021022

SECUNIA - 32187


Last Updated: 27 May 2016 10:48:32