CVE-2008-1154

Опубликовано: 04 апр. 2008

Источник: nvd

CVSS2: 10

EPSS Низкий

Описание

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:emergency_responder:2.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:mobility_manager:2.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_presence:1.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_presence:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05566

Низкий

10 Critical

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-x77v-m6g8-v8pp

github

почти 4 года назад