Podatność CVE-2004-1759


Publikacja: 2004-01-21   Modyfikacja: 2012-02-12

Opis:
Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, allows remote attackers to cause a denial of service (CPU consumption) via arbitrary packets to TCP port 14247, as demonstrated using port scanning.

Typ:

CWE-399

(Resource Management Errors)

Producent: IBM
Produkt: X330 
Wersje: 8674; 8654;
Produkt: Director agent 
Wersje: 3.11; 2.2;
Produkt: X340 
Produkt: Mcs-7815i-2.0 
Produkt: X345 
Produkt: Mcs-7835i-3.0 
Produkt: Mcs-7815-1000 
Produkt: X342 
Produkt: Mcs-7835i-2.4 
Producent: Cisco
Produkt: Call manager 
Wersje:
4.0
3.3(3)
3.3
3.2
3.1(3a)
3.1(2)
3.1
3.0
2.0
1.0
Produkt: Ip call center express standard 
Wersje: 3.0;
Produkt: Ip call center express enhanced 
Wersje: 3.0;
Produkt: Ip interactive voice response 
Wersje: 3.0;
Produkt: Personal assistant 
Wersje:
1.4(2)
1.4(1)
1.3(4)
1.3(3)
1.3(2)
1.3(1)
Produkt: Conference connection 
Wersje: 1.2; 1.1(1);
Produkt: Emergency responder 
Wersje: 1.1;
Produkt: Internet service node 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
5/10
2.9/10
10/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Niska
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Brak
Brak
Częściowy

 Referencje:
http://www.kb.cert.org/vuls/id/721092
http://www.securityfocus.com/bid/9469
http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml
http://secunia.com/advisories/10696
http://xforce.iss.net/xforce/xfdb/14901
http://www.securitytracker.com/id?1008814
http://www.osvdb.org/3691
http://www.ciac.org/ciac/bulletins/o-066.shtml

Podobne CVE
CVE-2019-15973
A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected application...
CVE-2019-1982
A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass fi...
CVE-2019-1981
A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filteri...
CVE-2019-1980
A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filter...
CVE-2019-1978
A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filteri...
CVE-2019-1877
A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file downlo...
CVE-2019-1915
A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco U...
CVE-2019-15272
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerab...

Copyright 2019, cxsecurity.com

 

Back to Top