CVE-2008-1154
Cisco Unified Communications Products - Unauthenticated Remote Code Execution
Title source: llmDescription
The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28591
Patch vendor-advisory
x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1019768
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1093
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41632
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29670
Scores
EPSS
0.0514
EPSS Percentile
91.4%
Details
CWE
CWE-287
Status
published
Products (8)
cisco/emergency_responder
2.0
cisco/mobility_manager
2.0
cisco/unified_communications_manager
5.0
cisco/unified_communications_manager
5.1
cisco/unified_communications_manager
6.0
cisco/unified_communications_manager
6.1
cisco/unified_presence
1.0
cisco/unified_presence
6.0
Published
Apr 04, 2008
Tracked Since
Feb 18, 2026