5.8

CVE-2008-3814

EPSS 0.48%
Published 08.10.2008 22:00:01
Last modified 09.04.2025 00:30:58
Source psirt@cisco.com
Teams watchlist Login
Open Login

Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once.

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Unity Version4.0

Cisco ≫ Unity Version5.0

Cisco ≫ Unity Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.48%	0.623

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://secunia.com/advisories/32187

Vendor Advisory

http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0d85f.shtml

Patch

Vendor Advisory

http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html

Patch

Vendor Advisory

http://www.securityfocus.com/bid/31638

http://www.securityfocus.com/bid/31642

http://www.securitytracker.com/id?1021011

http://www.voipshield.com/research-details.php?id=126

http://www.vupen.com/english/advisories/2008/2771

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/45741

https://nvd.nist.gov/vuln/detail/CVE-2008-3814

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3814

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3814

EUVD