CVE-2004-1760

The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/10696	Patch Vendor Advisory
http://www.ciac.org/ciac/bulletins/o-066.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/602734	Patch Third Party Advisory US Government Resource
http://www.osvdb.org/3692
http://www.securityfocus.com/bid/9468	Patch Vendor Advisory
http://www.securitytracker.com/id?1008814
https://exchange.xforce.ibmcloud.com/vulnerabilities/14900
http://secunia.com/advisories/10696	Patch Vendor Advisory
http://www.ciac.org/ciac/bulletins/o-066.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/602734	Patch Third Party Advisory US Government Resource
http://www.osvdb.org/3692
http://www.securityfocus.com/bid/9468	Patch Vendor Advisory
http://www.securitytracker.com/id?1008814
https://exchange.xforce.ibmcloud.com/vulnerabilities/14900

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:emergency_responder:1.1:::::::*
	cpe:2.3:a:cisco:ip_call_center_express_enhanced:3.0:::::::*
	cpe:2.3:a:cisco:ip_call_center_express_standard:3.0:::::::*
	cpe:2.3:a:cisco:ip_interactive_voice_response:3.0:::::::*
	cpe:2.3:a:cisco:personal_assistant:1.3\(1\):::::::*
	cpe:2.3:a:cisco:personal_assistant:1.3\(2\):::::::*
	cpe:2.3:a:cisco:personal_assistant:1.3\(3\):::::::*
	cpe:2.3:a:cisco:personal_assistant:1.3\(4\):::::::*
	cpe:2.3:a:cisco:personal_assistant:1.4\(1\):::::::*
	cpe:2.3:a:cisco:personal_assistant:1.4\(2\):::::::*
	cpe:2.3:a:ibm:director_agent:2.2:::::::*
	cpe:2.3:a:ibm:director_agent:3.11:::::::*
	cpe:2.3:h:cisco:call_manager:1.0:::::::*
	cpe:2.3:h:cisco:call_manager:2.0:::::::*
	cpe:2.3:h:cisco:call_manager:3.0:::::::*
	cpe:2.3:h:cisco:call_manager:3.1:::::::*
	cpe:2.3:h:cisco:call_manager:3.1\(2\):::::::*
	cpe:2.3:h:cisco:call_manager:3.1\(3a\):::::::*
	cpe:2.3:h:cisco:call_manager:3.2:::::::*
	cpe:2.3:h:cisco:call_manager:3.3:::::::*
	cpe:2.3:h:cisco:call_manager:3.3\(3\):::::::*
	cpe:2.3:h:cisco:call_manager:4.0:::::::*
	cpe:2.3:h:cisco:internet_service_node::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:cisco:conference_connection:1.1\(1\):::::::*
	cpe:2.3:o:cisco:conference_connection:1.2:::::::*

Configuration 3 (hide)

OR	cpe:2.3:h:ibm:mcs-7815-1000::::::::
	cpe:2.3:h:ibm:mcs-7815i-2.0::::::::
	cpe:2.3:h:ibm:mcs-7835i-2.4::::::::
	cpe:2.3:h:ibm:mcs-7835i-3.0::::::::
	cpe:2.3:h:ibm:x330:8654:::::::*
	cpe:2.3:h:ibm:x330:8674:::::::*
	cpe:2.3:h:ibm:x340::::::::
	cpe:2.3:h:ibm:x342::::::::
	cpe:2.3:h:ibm:x345::::::::

History

20 Nov 2024, 23:51

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/10696 - Patch, Vendor Advisory~~	() http://secunia.com/advisories/10696 - Patch, Vendor Advisory
References	~~() http://www.ciac.org/ciac/bulletins/o-066.shtml -~~	() http://www.ciac.org/ciac/bulletins/o-066.shtml -
References	~~() http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml - Patch, Vendor Advisory~~	() http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml - Patch, Vendor Advisory
References	~~() http://www.kb.cert.org/vuls/id/602734 - Patch, Third Party Advisory, US Government Resource~~	() http://www.kb.cert.org/vuls/id/602734 - Patch, Third Party Advisory, US Government Resource
References	~~() http://www.osvdb.org/3692 -~~	() http://www.osvdb.org/3692 -
References	~~() http://www.securityfocus.com/bid/9468 - Patch, Vendor Advisory~~	() http://www.securityfocus.com/bid/9468 - Patch, Vendor Advisory
References	~~() http://www.securitytracker.com/id?1008814 -~~	() http://www.securitytracker.com/id?1008814 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/14900 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/14900 -

Information

Published : 2004-01-21 05:00

Updated : 2024-11-20 23:51

NVD link : CVE-2004-1760

Mitre link : CVE-2004-1760

CVE.ORG link : CVE-2004-1760

JSON object : View

Products Affected

ibm

mcs-7835i-3.0
mcs-7815-1000
x330
mcs-7815i-2.0
x340
director_agent
x342
mcs-7835i-2.4
x345

cisco

call_manager
personal_assistant
internet_service_node
ip_interactive_voice_response
conference_connection
ip_call_center_express_standard
emergency_responder
ip_call_center_express_enhanced

CWE

CWE-287

Improper Authentication

10.0 /10