CVE-2008-2730

Cisco Unified Communications Manager - Authentication Bypass

Title source: rule

Description

The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843.

References (6)

[Patch] http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29935

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/43355

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1020361

[Third Party Advisory] http://secunia.com/advisories/30848

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1933/references

Scores

EPSS 0.0051

EPSS Percentile 65.9%

Classification

CWE

CWE-287

Status draft

Affected Products (2)

cisco/unified_communications_manager

cisco/unified_communications_manager

Timeline

Published Jun 26, 2008

Tracked Since Feb 18, 2026