{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-06-25T00:00:00", "descriptions": [{"lang": "en", "value": "The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "cucm-risdatacollector-info-disclosure(43355)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43355"}, {"name": "ADV-2008-1933", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1933/references"}, {"name": "30848", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30848"}, {"name": "29935", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29935"}, {"name": "20080625 Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml"}, {"name": "1020361", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020361"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2008-2730", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "cucm-risdatacollector-info-disclosure(43355)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43355"}, {"name": "ADV-2008-1933", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1933/references"}, {"name": "30848", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30848"}, {"name": "29935", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29935"}, {"name": "20080625 Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml"}, {"name": "1020361", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020361"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:14:14.498Z"}, "title": "CVE Program Container", "references": [{"name": "cucm-risdatacollector-info-disclosure(43355)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43355"}, {"name": "ADV-2008-1933", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1933/references"}, {"name": "30848", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30848"}, {"name": "29935", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29935"}, {"name": "20080625 Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml"}, {"name": "1020361", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1020361"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2008-2730", "datePublished": "2008-06-26T17:00:00", "dateReserved": "2008-06-16T00:00:00", "dateUpdated": "2024-08-07T09:14:14.498Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "640BFEE2-B364-411E-B641-7471B88ED7CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "6BC6EF34-D23D-45CA-A907-A47993CC061E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843."}, {"lang": "es", "value": "El Servicio Real -Time Information Server (RIS) Data Collector de Cisco Unified Communications Manager (CUCM) 5.x versiones anteriores a la 5.1(3) y 6.x versiones anteriores a la 6.1(1) permite a atacantes remotos evitar la autenticaci\u00f3n y obtener informaci\u00f3n sobre la configuraci\u00f3n en cluster y estad\u00edsticas, a trav\u00e9s de una conexi\u00f3n directa TCP al puerto de servicio, tambi\u00e9n conocida como Bug ID CSCsj90843."}], "id": "CVE-2008-2730", "lastModified": "2024-11-21T00:47:34.463", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-06-26T17:41:00.000", "references": [{"source": "ykramarz@cisco.com", "url": "http://secunia.com/advisories/30848"}, {"source": "ykramarz@cisco.com", "tags": ["Patch"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml"}, {"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/29935"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id?1020361"}, {"source": "ykramarz@cisco.com", "url": "http://www.vupen.com/english/advisories/2008/1933/references"}, {"source": "ykramarz@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43355"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30848"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29935"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020361"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1933/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43355"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}