CVE-2004-0044

3 documents3 sources
Severity
7.5HIGH
EPSS
0.9%
top 24.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Personal Assistant
Timeline
PublishedFeb 3
Latest updateApr 29

Description

Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDcisco/personal_assistant1.4\(1\), 1.4\(2\)+1

Patches

Patch: www.cisco.comPatch: www.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-3855-3qhh-3pm8: Cisco Personal Assistant 12022-04-29
CVEList
CVE-2004-0044: Cisco Personal Assistant 12004-09-01
CVE-2004-0044 (HIGH CVSS 7.5) | Cisco Personal Assistant 1.4(1) and | cvebase.io