CVE-2004-1760

Cisco Emergency Responder - Authentication Bypass

Title source: rule

Description

The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.

References (8)

[Patch, Vendor Advisory] http://secunia.com/advisories/10696

[Third Party Advisory, US Government Resource] http://www.ciac.org/ciac/bulletins/o-066.shtml

[Patch, Vendor Advisory] http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml

[Patch, Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/602734

[Patch, Vendor Advisory] http://www.securityfocus.com/bid/9468

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/14900

[Third Party Advisory, VDB Entry] http://www.osvdb.org/3692

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1008814

Scores

EPSS 0.1009

EPSS Percentile 93.0%

Classification

CWE

CWE-287

Status draft

Affected Products (34)

cisco/emergency_responder

cisco/ip_call_center_express_enhanced

cisco/ip_call_center_express_standard

cisco/ip_interactive_voice_response

cisco/personal_assistant

ibm/director_agent

cisco/call_manager

... and 19 more

Timeline

Published Jan 21, 2004

Tracked Since Feb 18, 2026