CVE-2004-1760

CWE-287 — Improper Authentication3 documents3 sources

Severity

10.0CRITICAL

EPSS

10.1%

top 6.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Call Manager Cisco Conference Connection Cisco Emergency Responder +6 more

Timeline

PublishedJan 21

Latest updateApr 29

Description

The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages9 packages

▶NVDibm/director_agent2.2, 3.11+1

▶NVDcisco/ip_interactive_voice_response3.0

▶NVDcisco/call_manager10 versions+9

▶NVDcisco/personal_assistant6 versions+5

▶NVDcisco/emergency_responder1.1

Patches

Patch: secunia.com ↗Patch: www.cisco.com ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-3785-7xjj-4m88: The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000↗2022-04-29

▶

CVEList

CVE-2004-1760: The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000↗2005-03-10

▶