CVE-2008-1154

Cisco Unified Communications Products - Unauthenticated Remote Code Execution

Title source: llm
STIX 2.1

Description

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28591
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1019768
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1093
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41632
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29670

Scores

EPSS 0.0514
EPSS Percentile 91.4%

Details

CWE
CWE-287
Status published
Products (8)
cisco/emergency_responder 2.0
cisco/mobility_manager 2.0
cisco/unified_communications_manager 5.0
cisco/unified_communications_manager 5.1
cisco/unified_communications_manager 6.0
cisco/unified_communications_manager 6.1
cisco/unified_presence 1.0
cisco/unified_presence 6.0
Published Apr 04, 2008
Tracked Since Feb 18, 2026