{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-06-25T00:00:00", "descriptions": [{"lang": "en", "value": "The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "cucm-risdatacollector-info-disclosure(43355)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43355"}, {"name": "ADV-2008-1933", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1933/references"}, {"name": "30848", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30848"}, {"name": "29935", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29935"}, {"name": "20080625 Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml"}, {"name": "1020361", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020361"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2008-2062", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "cucm-risdatacollector-info-disclosure(43355)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43355"}, {"name": "ADV-2008-1933", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1933/references"}, {"name": "30848", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30848"}, {"name": "29935", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29935"}, {"name": "20080625 Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml"}, {"name": "1020361", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020361"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:49:57.608Z"}, "title": "CVE Program Container", "references": [{"name": "cucm-risdatacollector-info-disclosure(43355)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43355"}, {"name": "ADV-2008-1933", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1933/references"}, {"name": "30848", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30848"}, {"name": "29935", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29935"}, {"name": "20080625 Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml"}, {"name": "1020361", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1020361"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2008-2062", "datePublished": "2008-06-26T17:00:00", "dateReserved": "2008-05-02T00:00:00", "dateUpdated": "2024-08-07T08:49:57.608Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D27236B-0B95-4899-B1AF-0E75D8B6044F", "versionEndExcluding": "4.2\\(3\\)sr4", "versionStartIncluding": "4.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C428C26F-7960-4884-8202-372EBC214506", "versionEndExcluding": "4.3\\(2\\)sr1", "versionStartIncluding": "4.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB3C4551-63D4-4FB6-9871-8E9C8E634B86", "versionEndExcluding": "5.1\\(3c\\)", "versionStartIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9E12823-198D-41FC-969E-2304CDC39EFC", "versionEndExcluding": "6.1\\(2\\)", "versionStartIncluding": "6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151."}, {"lang": "es", "value": "El Servicio Real-Time Information Server (RIS) Data Collector de Cisco Unified Communications Manager (CUCM) versiones anteriores a la 4.2(3)SR4 y 4.3 versiones anterieos a la 4.3(2)SR1, permite a atacantes remotos evitar la autenticaci\u00f3n y obtener informaci\u00f3n sobre la configuraci\u00f3n en cluster y estad\u00edsticas, a trav\u00e9s de una conexi\u00f3n directa TCP al puerto de servicio, tambi\u00e9n conocida como Bug ID CSCsq35151."}], "id": "CVE-2008-2062", "lastModified": "2019-07-31T12:55:27.333", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-06-26T17:41:00.000", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/30848"}, {"source": "ykramarz@cisco.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/29935"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1020361"}, {"source": "ykramarz@cisco.com", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2008/1933/references"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43355"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}