CVE-2008-3814

Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/32187	Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0d85f.shtml	Patch Vendor Advisory
http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/31638
http://www.securityfocus.com/bid/31642
http://www.securitytracker.com/id?1021011
http://www.voipshield.com/research-details.php?id=126
http://www.vupen.com/english/advisories/2008/2771	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45741

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unity:4.0:::::::*
	cpe:2.3:a:cisco:unity:4.0\(1\):::::::*
	cpe:2.3:a:cisco:unity:4.0\(2\):::::::*
	cpe:2.3:a:cisco:unity:4.0\(3\):::::::*
	cpe:2.3:a:cisco:unity:4.0\(3\):sr1::::::
	cpe:2.3:a:cisco:unity:4.0\(4\):::::::*
	cpe:2.3:a:cisco:unity:4.0\(4\):sr1::::::
	cpe:2.3:a:cisco:unity:4.0\(5\):::::::*
	cpe:2.3:a:cisco:unity:4.1\(1\):::::::*
	cpe:2.3:a:cisco:unity:4.2\(1\):::::::*
	cpe:2.3:a:cisco:unity:5.0:::::::*
	cpe:2.3:a:cisco:unity:5.0\(1\):::::::*
	cpe:2.3:a:cisco:unity:7.0:::::::*
	cpe:2.3:a:cisco:unity:7.0\(2\):::::::*

History

No history.

Information

Published : 2008-10-08 22:00

Updated : 2024-02-04 17:33

NVD link : CVE-2008-3814

Mitre link : CVE-2008-3814

CVE.ORG link : CVE-2008-3814

JSON object : View

Products Affected

cisco

unity

CWE

CWE-287

Improper Authentication

{"id": "CVE-2008-3814", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-10-08T22:00:01.730", "references": [{"url": "http://secunia.com/advisories/32187", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0d85f.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html", "tags": ["Patch", "Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/31638", "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/31642", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id?1021011", "source": "ykramarz@cisco.com"}, {"url": "http://www.voipshield.com/research-details.php?id=126", "source": "ykramarz@cisco.com"}, {"url": "http://www.vupen.com/english/advisories/2008/2771", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45741", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once."}, {"lang": "es", "value": "Una vulnerabilidad no especificada en Unity de Cisco versiones 4.x anteriores a 4.2 (1) ES161, versiones 5.x anteriores a 5.0 (1) ES53 y versiones 7.x anteriores 7.0 (2) ES8, cuando utiliza autenticaci\u00f3n an\u00f3nima (tambi\u00e9n conocida como autenticaci\u00f3n Unity nativa), permite a los atacantes remotos omitir la autenticaci\u00f3n y leer o modificar los par\u00e1metros de configuraci\u00f3n del sistema yendo hacia un enlace espec\u00edfico m\u00e1s de una vez."}], "lastModified": "2017-08-08T01:32:11.107", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unity:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7069DF8-3006-4651-816A-855C980256FA"}, {"criteria": "cpe:2.3:a:cisco:unity:4.0\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDE9975D-17B0-4EC8-8278-A715F4BF14F4"}, {"criteria": "cpe:2.3:a:cisco:unity:4.0\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9555A7EC-C0B6-4F48-99BE-BCE51446CF47"}, {"criteria": "cpe:2.3:a:cisco:unity:4.0\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16F3E72C-FF4B-425E-A8FB-C1C4BEDDB019"}, {"criteria": "cpe:2.3:a:cisco:unity:4.0\\(3\\):sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F05B00B2-F624-427C-9643-19B8E057193D"}, {"criteria": "cpe:2.3:a:cisco:unity:4.0\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A164F687-98DB-409D-A9C4-D04ECF6DD53F"}, {"criteria": "cpe:2.3:a:cisco:unity:4.0\\(4\\):sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "255CAB12-EE1D-4DC3-B854-E0D645F4C9B8"}, {"criteria": "cpe:2.3:a:cisco:unity:4.0\\(5\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A9BA9FD-99EC-4571-ACE8-2EFD13EFEBC5"}, {"criteria": "cpe:2.3:a:cisco:unity:4.1\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B746D68B-C6A4-494C-9302-F4652E1E2A13"}, {"criteria": "cpe:2.3:a:cisco:unity:4.2\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B478632-B2D4-443B-961A-0B3CF1A593CE"}, {"criteria": "cpe:2.3:a:cisco:unity:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20DAD5D8-6882-48FE-AE7A-9440F47F6C2A"}, {"criteria": "cpe:2.3:a:cisco:unity:5.0\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63260FD4-A010-4B2C-8654-4E18D5E8B364"}, {"criteria": "cpe:2.3:a:cisco:unity:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EED32D3-A1C5-430C-8488-4D221196CB76"}, {"criteria": "cpe:2.3:a:cisco:unity:7.0\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8268EB91-5DCC-4E0C-9537-07EF5CE1695C"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}