CVE-2008-3814

Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0d85f.shtml	Patch Vendor Advisory
http://www.securityfocus.com/bid/31642
http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html	Patch Vendor Advisory
http://www.voipshield.com/research-details.php?id=126
http://secunia.com/advisories/32187	Vendor Advisory
http://www.securitytracker.com/id?1021011
http://www.securityfocus.com/bid/31638
http://www.vupen.com/english/advisories/2008/2771	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45741

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unity:4.2\(1\):::::::*
	cpe:2.3:a:cisco:unity:5.0\(1\):::::::*
	cpe:2.3:a:cisco:unity:4.0\(5\):::::::*
	cpe:2.3:a:cisco:unity:7.0:::::::*
	cpe:2.3:a:cisco:unity:4.1\(1\):::::::*
	cpe:2.3:a:cisco:unity:4.0\(2\):::::::*
	cpe:2.3:a:cisco:unity:4.0\(3\):::::::*
	cpe:2.3:a:cisco:unity:4.0\(4\):::::::*
	cpe:2.3:a:cisco:unity:7.0\(2\):::::::*
	cpe:2.3:a:cisco:unity:4.0\(4\):sr1::::::
	cpe:2.3:a:cisco:unity:4.0:::::::*
	cpe:2.3:a:cisco:unity:5.0:::::::*
	cpe:2.3:a:cisco:unity:4.0\(3\):sr1::::::
	cpe:2.3:a:cisco:unity:4.0\(1\):::::::*

Information

Published : 2008-10-08 15:00

Updated : 2017-08-07 18:32

NVD link : CVE-2008-3814

Mitre link : CVE-2008-3814

JSON object : View

CWE

CWE-287

Improper Authentication

Advertisement

Products Affected

cisco

unity

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0d85f.shtml", "name": "20081008 Authentication Bypass in Cisco Unity", "tags": ["Patch", "Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.securityfocus.com/bid/31642", "name": "31642", "tags": [], "refsource": "BID"}, {"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html", "name": "20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server", "tags": ["Patch", "Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.voipshield.com/research-details.php?id=126", "name": "http://www.voipshield.com/research-details.php?id=126", "tags": [], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/32187", "name": "32187", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securitytracker.com/id?1021011", "name": "1021011", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/31638", "name": "31638", "tags": [], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2008/2771", "name": "ADV-2008-2771", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45741", "name": "unityserver-anonymous-authentication-bypass(45741)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-287"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-3814", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-10-08T22:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:unity:4.2\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity:5.0\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity:4.0\\(5\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity:4.1\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity:4.0\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity:4.0\\(3\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity:4.0\\(4\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity:7.0\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity:4.0\\(4\\):sr1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity:4.0\\(3\\):sr1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity:4.0\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-08T01:32Z"}