Vulnerability CVE-2004-1760


Published: 2004-01-21   Modified: 2012-02-12

Description:
The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.

Type: CWE-287 (Improper Authentication)

Vendor: IBM
Product: X330
Versions: 8674; 8654;
Product: Director agent
Versions: 3.11; 2.2;
Product: X340
Product: Mcs-7815i-2.0
Product: X345
Product: Mcs-7835i-3.0
Product: Mcs-7815-1000
Product: X342
Product: Mcs-7835i-2.4
Vendor: Cisco
Product: Call manager
Versions:
4.0
3.3(3)
3.3
3.2
3.1(3a)
3.1(2)
3.1
3.0
2.0
1.0
Product: Ip call center express standard
Versions: 3.0;
Product: Ip call center express enhanced
Versions: 3.0;
Product: Ip interactive voice response
Versions: 3.0;
Product: Personal assistant
Versions:
1.4(2)
1.4(1)
1.3(4)
1.3(3)
1.3(2)
1.3(1)
Product: Conference connection
Versions: 1.2; 1.1(1);
Product: Emergency responder
Versions: 1.1;
Product: Internet service node

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Overall CVSS score: 10/10
Impact: 10/10
Exploitability: 10/10
Required access: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
http://www.kb.cert.org/vuls/id/602734
http://xforce.iss.net/xforce/xfdb/14900
http://www.securityfocus.com/bid/9468
http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml
http://secunia.com/advisories/10696
http://www.securitytracker.com/id?1008814
http://www.osvdb.org/3692
http://www.ciac.org/ciac/bulletins/o-066.shtml


Copyright 2019, cxsecurity.com

 
