CVE-2004-1760
First published: Wed Jan 21 2004(Updated: )
The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Emergency Responder | =1.1 | |
| Cisco Unified Contact Center Express Enhanced | =3.0 | |
| Cisco IP Call Center Express Standard | =3.0 | |
| Cisco IP Interactive Voice Response (IVR) | =3.0 | |
| Cisco Personal Assistant | =1.3\(1\) | |
| Cisco Personal Assistant | =1.3\(2\) | |
| Cisco Personal Assistant | =1.3\(3\) | |
| Cisco Personal Assistant | =1.3\(4\) | |
| Cisco Personal Assistant | =1.4\(1\) | |
| Cisco Personal Assistant | =1.4\(2\) | |
| IBM Director Agent | =2.2 | |
| IBM Director Agent | =3.11 | |
| Cisco CallManager Express | =1.0 | |
| Cisco CallManager Express | =2.0 | |
| Cisco CallManager Express | =3.0 | |
| Cisco CallManager Express | =3.1 | |
| Cisco CallManager Express | =3.1\(2\) | |
| Cisco CallManager Express | =3.1\(3a\) | |
| Cisco CallManager Express | =3.2 | |
| Cisco CallManager Express | =3.3 | |
| Cisco CallManager Express | =3.3\(3\) | |
| Cisco CallManager Express | =4.0 | |
| Cisco Internet Service Node | ||
| cisco conference connection | =1.1\(1\) | |
| cisco conference connection | =1.2 | |
| IBM mcs-7815-1000 | ||
| IBM mcs-7815i-2.0 | ||
| IBM mcs-7835i-2.4 | ||
| IBM mcs-7835i | ||
| IBM x330 | =8654 | |
| IBM x330 | =8674 | |
| IBM x340 | ||
| IBM x342 | ||
| IBM x345 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml
- http://www.kb.cert.org/vuls/id/602734
- http://www.securityfocus.com/bid/9468
- http://secunia.com/advisories/10696
- http://www.ciac.org/ciac/bulletins/o-066.shtml
- http://www.osvdb.org/3692
- http://www.securitytracker.com/id?1008814
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14900
Frequently Asked Questions
What is the security risk associated with CVE-2004-1760?
CVE-2004-1760 allows remote attackers to gain administrator privileges due to the lack of authentication on TCP port 14247 in Cisco voice products.
Which Cisco products are affected by CVE-2004-1760?
CVE-2004-1760 affects various versions of Cisco Personal Assistant, Cisco Call Manager, Cisco IP Interactive Voice Response, and Cisco IP Call Center Express among others.
How can I mitigate the risks associated with CVE-2004-1760?
To mitigate CVE-2004-1760, ensure that access to TCP port 14247 requires authentication or restrict access to this port.
What should I do if I am using a vulnerable product listed in CVE-2004-1760?
If using a vulnerable product listed in CVE-2004-1760, it is recommended to update to a secure version or apply the necessary patches provided by Cisco.
Is there a patch available for CVE-2004-1760?
Yes, Cisco releases patches to address CVE-2004-1760, and it's important to refer to the vendor's advisories for updates.
- agent/references
- agent/type
- agent/first-publish-date
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/cisco
- canonical/cisco emergency responder
- version/cisco emergency responder/1.1
- canonical/cisco unified contact center express enhanced
- version/cisco unified contact center express enhanced/3.0
- canonical/cisco ip call center express standard
- version/cisco ip call center express standard/3.0
- canonical/cisco ip interactive voice response (ivr)
- version/cisco ip interactive voice response (ivr)/3.0
- canonical/cisco personal assistant
- version/cisco personal assistant/1.3\(1\)
- version/cisco personal assistant/1.3\(2\)
- version/cisco personal assistant/1.3\(3\)
- version/cisco personal assistant/1.3\(4\)
- version/cisco personal assistant/1.4\(1\)
- version/cisco personal assistant/1.4\(2\)
- vendor/ibm
- canonical/ibm director agent
- version/ibm director agent/2.2
- version/ibm director agent/3.11
- canonical/cisco callmanager express
- version/cisco callmanager express/1.0
- version/cisco callmanager express/2.0
- version/cisco callmanager express/3.0
- version/cisco callmanager express/3.1
- version/cisco callmanager express/3.1\(2\)
- version/cisco callmanager express/3.1\(3a\)
- version/cisco callmanager express/3.2
- version/cisco callmanager express/3.3
- version/cisco callmanager express/3.3\(3\)
- version/cisco callmanager express/4.0
- canonical/cisco internet service node
- canonical/cisco conference connection
- version/cisco conference connection/1.1\(1\)
- version/cisco conference connection/1.2
- canonical/ibm mcs-7815-1000
- canonical/ibm mcs-7815i-2.0
- canonical/ibm mcs-7835i-2.4
- canonical/ibm mcs-7835i
- canonical/ibm x330
- version/ibm x330/8654
- version/ibm x330/8674
- canonical/ibm x340
- canonical/ibm x342
- canonical/ibm x345