Vulnerability CVE-2004-0044


Published: 2004-02-03   Modified: 2012-02-12

Description:
Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Cisco -> Personal assistant 

 References:
http://www.cisco.com/warp/public/707/cisco-sa-20040108-pa.shtml
http://xforce.iss.net/xforce/xfdb/14172
http://www.securityfocus.com/bid/9384
http://www.osvdb.org/3430

Copyright 2024, cxsecurity.com

 

Back to Top