{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-04-03T00:00:00", "descriptions": [{"lang": "en", "value": "The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "28591", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28591"}, {"name": "20080403 Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml"}, {"name": "1019768", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1019768"}, {"name": "ADV-2008-1093", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1093"}, {"name": "cisco-drf-command-execution(41632)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41632"}, {"name": "29670", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29670"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2008-1154", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "28591", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28591"}, {"name": "20080403 Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml"}, {"name": "1019768", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1019768"}, {"name": "ADV-2008-1093", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1093"}, {"name": "cisco-drf-command-execution(41632)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41632"}, {"name": "29670", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29670"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:08:57.646Z"}, "title": "CVE Program Container", "references": [{"name": "28591", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28591"}, {"name": "20080403 Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml"}, {"name": "1019768", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1019768"}, {"name": "ADV-2008-1093", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1093"}, {"name": "cisco-drf-command-execution(41632)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41632"}, {"name": "29670", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29670"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2008-1154", "datePublished": "2008-04-04T19:00:00", "dateReserved": "2008-03-05T00:00:00", "dateUpdated": "2024-08-07T08:08:57.646Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:emergency_responder:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "984570AA-2517-440D-9A2F-8EBAEB022602", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:mobility_manager:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BFAA32C-6AEC-490A-9514-BA5B10E9B0E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B2AF68FA-433F-46F2-B309-B60A108BECFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "640BFEE2-B364-411E-B641-7471B88ED7CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "819AE879-5BF9-494E-8905-1E1E867EB5A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "6BC6EF34-D23D-45CA-A907-A47993CC061E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_presence:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "53DFD5A1-33C9-45E5-B7B9-2B1FAA840ED4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_presence:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C9B1A89-6A54-4BA7-9980-3EB46C650FFC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors."}, {"lang": "es", "value": "El Disaster Recovery Framework (DRF) Master Server en productos Cisco Unified Communications, incluyendo Unified Communications Manager (CUCM) 5.x y 6.x, Unified Presence 1.x y 6.x, Emergency Responder 2.x, y Mobility Manager 2.x, no requiere autenticaci\u00f3n para las peticiones recibidas desde la red, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."}], "id": "CVE-2008-1154", "lastModified": "2017-08-08T01:29:54.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-04-04T19:44:00.000", "references": [{"source": "ykramarz@cisco.com", "url": "http://secunia.com/advisories/29670"}, {"source": "ykramarz@cisco.com", "url": "http://securitytracker.com/id?1019768"}, {"source": "ykramarz@cisco.com", "tags": ["Patch"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml"}, {"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/28591"}, {"source": "ykramarz@cisco.com", "url": "http://www.vupen.com/english/advisories/2008/1093"}, {"source": "ykramarz@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41632"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}