CVE-2004-1760 - Vulnerability Details

The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Call Manager Conference Connection Emergency Responder Internet Service Node Ip Call Center Express Enhanced Ip Call Center Express Standard Ip Interactive Voice Response Personal Assistant
Ibm	Director Agent Mcs-7815-1000 Mcs-7815i-2.0 Mcs-7835i-2.4 Mcs-7835i-3.0 X330 X340 X342 X345

Configuration 1 [-]

OR	cpe:2.3:a:cisco:emergency_responder:1.1:::::::*
	cpe:2.3:a:cisco:ip_call_center_express_enhanced:3.0:::::::*
	cpe:2.3:a:cisco:ip_call_center_express_standard:3.0:::::::*
	cpe:2.3:a:cisco:ip_interactive_voice_response:3.0:::::::*
	cpe:2.3:a:cisco:personal_assistant:1.3\(1\):::::::*
	cpe:2.3:a:cisco:personal_assistant:1.3\(2\):::::::*
	cpe:2.3:a:cisco:personal_assistant:1.3\(3\):::::::*
	cpe:2.3:a:cisco:personal_assistant:1.3\(4\):::::::*
	cpe:2.3:a:cisco:personal_assistant:1.4\(1\):::::::*
	cpe:2.3:a:cisco:personal_assistant:1.4\(2\):::::::*
	cpe:2.3:a:ibm:director_agent:2.2:::::::*
	cpe:2.3:a:ibm:director_agent:3.11:::::::*
	cpe:2.3:h:cisco:call_manager:1.0:::::::*
	cpe:2.3:h:cisco:call_manager:2.0:::::::*
	cpe:2.3:h:cisco:call_manager:3.0:::::::*
	cpe:2.3:h:cisco:call_manager:3.1:::::::*
	cpe:2.3:h:cisco:call_manager:3.1\(2\):::::::*
	cpe:2.3:h:cisco:call_manager:3.1\(3a\):::::::*
	cpe:2.3:h:cisco:call_manager:3.2:::::::*
	cpe:2.3:h:cisco:call_manager:3.3:::::::*
	cpe:2.3:h:cisco:call_manager:3.3\(3\):::::::*
	cpe:2.3:h:cisco:call_manager:4.0:::::::*
	cpe:2.3:h:cisco:internet_service_node::::::::

Configuration 2 [-]

OR	cpe:2.3:o:cisco:conference_connection:1.1\(1\):::::::*
	cpe:2.3:o:cisco:conference_connection:1.2:::::::*

Configuration 3 [-]

OR	cpe:2.3:h:ibm:mcs-7815-1000::::::::
	cpe:2.3:h:ibm:mcs-7815i-2.0::::::::
	cpe:2.3:h:ibm:mcs-7835i-2.4::::::::
	cpe:2.3:h:ibm:mcs-7835i-3.0::::::::
	cpe:2.3:h:ibm:x330:8654:::::::*
	cpe:2.3:h:ibm:x330:8674:::::::*
	cpe:2.3:h:ibm:x340::::::::
	cpe:2.3:h:ibm:x342::::::::
	cpe:2.3:h:ibm:x345::::::::

No data.

References

Link	Providers
http://secunia.com/advisories/10696
http://www.ciac.org/ciac/bulletins/o-066.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml
http://www.kb.cert.org/vuls/id/602734
http://www.osvdb.org/3692
http://www.securityfocus.com/bid/9468
http://www.securitytracker.com/id?1008814
https://exchange.xforce.ibmcloud.com/vulnerabilities/14900

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-03-10T05:00:00

Updated: 2024-08-08T01:00:37.250Z

Reserved: 2005-03-10T00:00:00

Link: CVE-2004-1760

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2004-01-21T05:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2004-1760

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object