← Back

CVE-2004-1760

nvd nist
Published: Jan 21, 2004Modified: Apr 16, 2026

JSON object

Loading...
10.0
Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 10.0 / Impact: 10.0
Source: NVD

Description

The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.

Affected (34)

Cisco
8 products
Call Manager
Emergency Responder
Internet Service Node
Ip Call Center Express Enhanced
Ip Call Center Express Standard
Ip Interactive Voice Response
Personal Assistant
Conference Connection
Ibm
9 products
Director Agent
Mcs 7815 1000
Mcs 7815i 2.0
Mcs 7835i 2.4
Mcs 7835i 3.0
X330
X340
X342
X345
Configuration A
23 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Call Manager
Version 1.0
Call Manager
Version 2.0
Call Manager
Version 3.0
Call Manager
Version 3.1
Call Manager
Version 3.1(2)
Call Manager
Version 3.1(3a)
Call Manager
Version 3.2
Call Manager
Version 3.3
Call Manager
Version 3.3(3)
Call Manager
Version 4.0
Emergency Responder
Version 1.1
Internet Service Node
All versions
Ip Call Center Express Enhanced
Version 3.0
Ip Call Center Express Standard
Version 3.0
Ip Interactive Voice Response
Version 3.0
Cisco
Personal Assistant
Version 1.3(1)
Personal Assistant
Version 1.3(2)
Personal Assistant
Version 1.3(3)
Personal Assistant
Version 1.3(4)
Personal Assistant
Version 1.4(1)
Personal Assistant
Version 1.4(2)
Ibm
Director Agent
Version 2.2
Director Agent
Version 3.11
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Conference Connection
Version 1.1(1)
Conference Connection
Version 1.2
Configuration C
9 vulnerable
Vulnerable SoftwareAffected Versions
Mcs 7815 1000
All versions
Mcs 7815i 2.0
All versions
Mcs 7835i 2.4
All versions
Mcs 7835i 3.0
All versions
Ibm
X330
Version 8654
X330
Version 8674
X340
All versions
X342
All versions
X345
All versions

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (16)

Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
PatchThird Party AdvisoryUS Government Resource
Source: cve@mitre.org
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.