5.8

CVE-2008-3814

EPSS 0.48%
Veröffentlicht 08.10.2008 22:00:01
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Unity Version4.0

Cisco ≫ Unity Version5.0

Cisco ≫ Unity Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.48%	0.623

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://secunia.com/advisories/32187

Vendor Advisory

http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0d85f.shtml

Patch

Vendor Advisory

http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html

Patch

Vendor Advisory

http://www.securityfocus.com/bid/31638

http://www.securityfocus.com/bid/31642

http://www.securitytracker.com/id?1021011

http://www.voipshield.com/research-details.php?id=126

http://www.vupen.com/english/advisories/2008/2771

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/45741

https://nvd.nist.gov/vuln/detail/CVE-2008-3814

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3814

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3814

EUVD