CVE-2008-1154

Cisco Unified Communications - RCE

Title source: llm

Description

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.

References (6)

[Patch] http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/28591

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41632

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1019768

[Third Party Advisory] http://secunia.com/advisories/29670

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1093

Scores

EPSS 0.0557

EPSS Percentile 90.1%

Classification

CWE

CWE-287

Status draft

Affected Products (8)

cisco/emergency_responder

cisco/mobility_manager

cisco/unified_communications_manager

cisco/unified_communications_manager

cisco/unified_communications_manager

cisco/unified_communications_manager

cisco/unified_presence

cisco/unified_presence

Timeline

Published Apr 04, 2008

Tracked Since Feb 18, 2026