5.8
CVE-2008-3814
- EPSS 1.7%
- Veröffentlicht 08.10.2008 22:00:01
- Zuletzt bearbeitet 16.06.2026 22:56:35
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.7% | 0.743 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://secunia.com/advisories/32187
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0d85f.shtml
http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html
http://www.securityfocus.com/bid/31638
http://www.securityfocus.com/bid/31642
http://www.securitytracker.com/id?1021011
http://www.voipshield.com/research-details.php?id=126
http://www.vupen.com/english/advisories/2008/2771
https://exchange.xforce.ibmcloud.com/vulnerabilities/45741