CVE-2008-1154

Currently unrated

Key Information:

Vendor: Cisco
Status: Mobility Manager; Unified Communications Manager; Unified Presence; Emergency Responder
Vendor: CVE Published:; 4 April 2008

Summary

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.

References

http://www.securityfocus.com/bid/28591

vdb-entryx_refsource_BID

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

http://securitytracker.com/id?1019768

vdb-entryx_refsource_SECTRACK

EPSS Score

12% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 4, 2008
Vulnerability Reserved
Mar 5, 2008