Vulnerability CVE-2004-1760


Published: 2004-01-21   Modified: 2012-02-12

Description:
The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.

Type:

CWE-287

(Improper Authentication)

Vendor: IBM
Product: X330 
Version: 8674; 8654;
Product: Director agent 
Version: 3.11; 2.2;
Product: X340 
Product: Mcs-7815i-2.0 
Product: X345 
Product: Mcs-7835i-3.0 
Product: Mcs-7815-1000 
Product: X342 
Product: Mcs-7835i-2.4 
Vendor: Cisco
Product: Call manager 
Version:
4.0
3.3(3)
3.3
3.2
3.1(3a)
3.1(2)
3.1
3.0
2.0
1.0
Product: Ip call center express standard 
Version: 3.0;
Product: Ip call center express enhanced 
Version: 3.0;
Product: Ip interactive voice response 
Version: 3.0;
Product: Personal assistant 
Version:
1.4(2)
1.4(1)
1.3(4)
1.3(3)
1.3(2)
1.3(1)
Product: Conference connection 
Version: 1.2; 1.1(1);
Product: Emergency responder 
Version: 1.1;
Product: Internet service node 

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.kb.cert.org/vuls/id/602734
http://xforce.iss.net/xforce/xfdb/14900
http://www.securityfocus.com/bid/9468
http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml
http://secunia.com/advisories/10696
http://www.securitytracker.com/id?1008814
http://www.osvdb.org/3692
http://www.ciac.org/ciac/bulletins/o-066.shtml

Related CVE
CVE-2019-1915
A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco U...
CVE-2019-15272
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerab...
CVE-2019-15259
A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that ar...
CVE-2019-15256
A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an aff...
CVE-2019-12716
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attac...
CVE-2019-12715
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attac...
CVE-2019-12713
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected so...
CVE-2019-12712
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected so...

Copyright 2019, cxsecurity.com

 

Back to Top