CVE-2008-1154

{"id": "CVE-2008-1154", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-04-04T19:44:00.000", "references": [{"url": "http://secunia.com/advisories/29670", "source": "ykramarz@cisco.com"}, {"url": "http://securitytracker.com/id?1019768", "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml", "tags": ["Patch"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/28591", "source": "ykramarz@cisco.com"}, {"url": "http://www.vupen.com/english/advisories/2008/1093", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41632", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors."}, {"lang": "es", "value": "El Disaster Recovery Framework (DRF) Master Server en productos Cisco Unified Communications, incluyendo Unified Communications Manager (CUCM) 5.x y 6.x, Unified Presence 1.x y 6.x, Emergency Responder 2.x, y Mobility Manager 2.x, no requiere autenticaci\u00f3n para las peticiones recibidas desde la red, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."}], "lastModified": "2017-08-08T01:29:54.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:emergency_responder:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "984570AA-2517-440D-9A2F-8EBAEB022602"}, {"criteria": "cpe:2.3:a:cisco:mobility_manager:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BFAA32C-6AEC-490A-9514-BA5B10E9B0E3"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2AF68FA-433F-46F2-B309-B60A108BECFA"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "640BFEE2-B364-411E-B641-7471B88ED7CC"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "819AE879-5BF9-494E-8905-1E1E867EB5A9"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BC6EF34-D23D-45CA-A907-A47993CC061E"}, {"criteria": "cpe:2.3:a:cisco:unified_presence:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53DFD5A1-33C9-45E5-B7B9-2B1FAA840ED4"}, {"criteria": "cpe:2.3:a:cisco:unified_presence:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C9B1A89-6A54-4BA7-9980-3EB46C650FFC"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}