Vulnerability CVE-2004-1760


Published: 2004-01-21   Modified: 2012-02-12

Description:
The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.

Type:

CWE-287

(Improper Authentication)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
IBM -> X345 
IBM -> Director agent 
IBM -> Mcs-7815-1000 
IBM -> Mcs-7815i-2.0 
IBM -> Mcs-7835i-2.4 
IBM -> Mcs-7835i-3.0 
IBM -> X330 
IBM -> X340 
IBM -> X342 
Cisco -> Conference connection 
Cisco -> Emergency responder 
Cisco -> Ip call center express enhanced 
Cisco -> Ip call center express standard 
Cisco -> Ip interactive voice response 
Cisco -> Personal assistant 
Cisco -> Call manager 
Cisco -> Internet service node 

 References:
http://www.kb.cert.org/vuls/id/602734
http://xforce.iss.net/xforce/xfdb/14900
http://www.securityfocus.com/bid/9468
http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml
http://secunia.com/advisories/10696
http://www.securitytracker.com/id?1008814
http://www.osvdb.org/3692
http://www.ciac.org/ciac/bulletins/o-066.shtml

Copyright 2024, cxsecurity.com

 

Back to Top