Authentication Bypass in Cisco Voice Products on IBM Servers
CVE-2004-1760

Currently unrated

Key Information:

Vendor: Cisco
Status: Personal Assistant; Ip Interactive Voice Response; Ip Call Center Express Standard; Call Manager
Vendor: CVE Published:; 21 January 2004

Summary

The default installation of Cisco voice products running on IBM servers prior to version OS 2000.2.6 is susceptible to an authentication bypass vulnerability. This allows remote attackers to gain unauthorized access and potentially achieve administrator privileges by connecting directly to TCP port 14247 without requiring any form of authentication. This issue underscores the importance of implementing security best practices in product configurations to prevent unauthorized access.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/14900

vdb-entryx_refsource_XF

http://www.osvdb.org/3692

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/10696

third-party-advisoryx_refsource_SECUNIA

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Mar 10, 2005
Vulnerability published
Jan 21, 2004