Remote Code Execution Vulnerability in Cisco Unified Communications Products
CVE-2008-1154

Currently unrated

Key Information:

Vendor: Cisco
Status: Mobility Manager; Unified Communications Manager; Unified Presence; Emergency Responder
Vendor: CVE Published:; 4 April 2008

Summary

The master server of the Disaster Recovery Framework (DRF) in Cisco Unified Communications products is vulnerable due to insufficient authentication for network requests. This gap enables remote attackers to execute arbitrary code, potentially compromising the integrity and functionality of the affected systems. Key products impacted include Unified Communications Manager, Unified Presence, Emergency Responder, and Mobility Manager, creating significant security concerns for users relying on these systems.

References

http://www.securityfocus.com/bid/28591

vdb-entryx_refsource_BID

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

http://securitytracker.com/id?1019768

vdb-entryx_refsource_SECTRACK

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 4, 2008
Vulnerability Reserved
Mar 5, 2008