5

CVE-2008-2062

The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoUnified Communications Manager Version >= 4.2 < 4.2\(3\)sr4
CiscoUnified Communications Manager Version >= 4.3 < 4.3\(2\)sr1
CiscoUnified Communications Manager Version >= 5.0 < 5.1\(3c\)
CiscoUnified Communications Manager Version >= 6.0 < 6.1\(2\)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.31% 0.811
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/30848
Third Party Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2008/1933/references
Permissions Required
http://www.securityfocus.com/bid/29935
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1020361
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/43355
Third Party Advisory
VDB Entry