CVE-2008-1154
First published: Fri Apr 04 2008(Updated: )
The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Emergency Responder | =2.0 | |
| Cisco Mobility Manager | =2.0 | |
| Cisco Unified Communications Manager Session Management Edition | =5.0 | |
| Cisco Unified Communications Manager Session Management Edition | =5.1 | |
| Cisco Unified Communications Manager Session Management Edition | =6.0 | |
| Cisco Unified Communications Manager Session Management Edition | =6.1 | |
| Cisco Unified Presence Server | =1.0 | |
| Cisco Unified Presence Server | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml
- http://www.securityfocus.com/bid/28591
- http://securitytracker.com/id?1019768
- http://secunia.com/advisories/29670
- http://www.vupen.com/english/advisories/2008/1093
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41632
Frequently Asked Questions
What is the severity of CVE-2008-1154?
CVE-2008-1154 has been assigned a high severity level due to its potential to allow unauthorized access to critical communications systems.
How do I fix CVE-2008-1154?
To fix CVE-2008-1154, ensure that proper authentication mechanisms are implemented for requests received by the Disaster Recovery Framework in affected Cisco products.
What Cisco products are affected by CVE-2008-1154?
CVE-2008-1154 affects Cisco Unified Communications Manager versions 5.x and 6.x, Unified Presence versions 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x.
What kind of attack can exploit CVE-2008-1154?
CVE-2008-1154 can be exploited for unauthorized manipulation and control of communications settings, potentially leading to service disruptions.
Is there a patch available for CVE-2008-1154?
As of now, Cisco has not publicly disclosed a specific patch for CVE-2008-1154, so users should implement recommended workarounds and security measures.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/cisco
- canonical/cisco emergency responder
- version/cisco emergency responder/2.0
- canonical/cisco mobility manager
- version/cisco mobility manager/2.0
- canonical/cisco unified communications manager session management edition
- version/cisco unified communications manager session management edition/5.0
- version/cisco unified communications manager session management edition/5.1
- version/cisco unified communications manager session management edition/6.0
- version/cisco unified communications manager session management edition/6.1
- canonical/cisco unified presence server
- version/cisco unified presence server/1.0
- version/cisco unified presence server/6.0