← Back

CVE-2008-1154

nvd nist
Published: Apr 4, 2008Modified: Apr 23, 2026

JSON object

Loading...
10.0
Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 10.0 / Impact: 10.0
Source: NVD

Description

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.

Affected (8)

Cisco
4 products
Emergency Responder
Mobility Manager
Unified Communications Manager
Unified Presence
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Emergency Responder
Version 2.0
Mobility Manager
Version 2.0
Cisco
Unified Communications Manager
Version 5.0
Unified Communications Manager
Version 5.1
Unified Communications Manager
Version 6.0
Unified Communications Manager
Version 6.1
Cisco
Unified Presence
Version 1.0
Unified Presence
Version 6.0

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (12)

Source: psirt@cisco.com
Source: psirt@cisco.com
Source: psirt@cisco.com
Patch
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.