10

CVE-2004-1760

The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoEmergency Responder Version1.1
IbmDirector Agent Version2.2
IbmDirector Agent Version3.11
CiscoCall Manager Version1.0
CiscoCall Manager Version2.0
CiscoCall Manager Version3.0
CiscoCall Manager Version3.1
CiscoCall Manager Version3.2
CiscoCall Manager Version3.3
CiscoCall Manager Version4.0
CiscoConference Connection Version1.2
IbmX330 Version8654
IbmX330 Version8674
IbmX340
IbmX342
IbmX345
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.8% 0.886
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://secunia.com/advisories/10696
Patch
Vendor Advisory
http://www.ciac.org/ciac/bulletins/o-066.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml
Patch
Vendor Advisory
http://www.securitytracker.com/id?1008814
http://www.kb.cert.org/vuls/id/602734
Patch
Third Party Advisory
US Government Resource
http://www.osvdb.org/3692
http://www.securityfocus.com/bid/9468
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/14900