CVE-2008-1154 - Vulnerability Details - OpenCVE

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Emergency Responder Mobility Manager Unified Communications Manager Unified Presence

Configuration 1 [-]

OR	cpe:2.3:a:cisco:emergency_responder:2.0:::::::*
	cpe:2.3:a:cisco:mobility_manager:2.0:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:5.0:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:5.1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.0:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.1:::::::*
	cpe:2.3:a:cisco:unified_presence:1.0:::::::*
	cpe:2.3:a:cisco:unified_presence:6.0:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/29670
http://securitytracker.com/id?1019768
http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml
http://www.securityfocus.com/bid/28591
http://www.vupen.com/english/advisories/2008/1093
https://exchange.xforce.ibmcloud.com/vulnerabilities/41632

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2008-04-04T19:00:00

Updated: 2024-08-07T08:08:57.646Z

Reserved: 2008-03-05T00:00:00

Link: CVE-2008-1154

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-04-04T19:44:00.000

Modified: 2024-11-21T00:43:48.393

Link: CVE-2008-1154

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-04-03T00:00:00", "descriptions": [{"lang": "en", "value": "The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "28591", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28591"}, {"name": "20080403 Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml"}, {"name": "1019768", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1019768"}, {"name": "ADV-2008-1093", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1093"}, {"name": "cisco-drf-command-execution(41632)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41632"}, {"name": "29670", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29670"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2008-1154", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "28591", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28591"}, {"name": "20080403 Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml"}, {"name": "1019768", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1019768"}, {"name": "ADV-2008-1093", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1093"}, {"name": "cisco-drf-command-execution(41632)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41632"}, {"name": "29670", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29670"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:08:57.646Z"}, "title": "CVE Program Container", "references": [{"name": "28591", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28591"}, {"name": "20080403 Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml"}, {"name": "1019768", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1019768"}, {"name": "ADV-2008-1093", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1093"}, {"name": "cisco-drf-command-execution(41632)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41632"}, {"name": "29670", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29670"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2008-1154", "datePublished": "2008-04-04T19:00:00", "dateReserved": "2008-03-05T00:00:00", "dateUpdated": "2024-08-07T08:08:57.646Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:emergency_responder:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "984570AA-2517-440D-9A2F-8EBAEB022602", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:mobility_manager:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BFAA32C-6AEC-490A-9514-BA5B10E9B0E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B2AF68FA-433F-46F2-B309-B60A108BECFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "640BFEE2-B364-411E-B641-7471B88ED7CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "819AE879-5BF9-494E-8905-1E1E867EB5A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "6BC6EF34-D23D-45CA-A907-A47993CC061E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_presence:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "53DFD5A1-33C9-45E5-B7B9-2B1FAA840ED4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_presence:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C9B1A89-6A54-4BA7-9980-3EB46C650FFC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors."}, {"lang": "es", "value": "El Disaster Recovery Framework (DRF) Master Server en productos Cisco Unified Communications, incluyendo Unified Communications Manager (CUCM) 5.x y 6.x, Unified Presence 1.x y 6.x, Emergency Responder 2.x, y Mobility Manager 2.x, no requiere autenticaci\u00f3n para las peticiones recibidas desde la red, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."}], "id": "CVE-2008-1154", "lastModified": "2024-11-21T00:43:48.393", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-04-04T19:44:00.000", "references": [{"source": "ykramarz@cisco.com", "url": "http://secunia.com/advisories/29670"}, {"source": "ykramarz@cisco.com", "url": "http://securitytracker.com/id?1019768"}, {"source": "ykramarz@cisco.com", "tags": ["Patch"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml"}, {"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/28591"}, {"source": "ykramarz@cisco.com", "url": "http://www.vupen.com/english/advisories/2008/1093"}, {"source": "ykramarz@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41632"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29670"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1019768"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28591"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1093"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41632"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}