CVE-2008-1154: Improper Authentication in Cisco Emergency Responder

Severity: 10.0 CRITICAL (NVD)
EPSS: 5.6% (top 9.70%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 4; latest update May 1

Description

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages: 4 packages

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-x77v-m6g8-v8pp: The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5 (2022-05-01)
CVEList: CVE-2008-1154: The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5 (2008-04-04)

📋 Vendor Advisories (1)

Cisco: Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability (2008-04-03)