Description
Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once.
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45741
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2771
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32187
Various Sources x_refsource_misc
http://www.voipshield.com/research-details.php?id=126
Patch, Vendor Advisory vendor-advisory
x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0d85f.shtml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31642
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31638
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1021011
Patch, Vendor Advisory vendor-advisory
x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html
Scores
EPSS
0.0170
EPSS Percentile
74.4%
Details
CWE
CWE-287
Status
published
Products (12)
cisco/unity
4.0
cisco/unity
4.0\(1\)
cisco/unity
4.0\(2\)
cisco/unity
4.0\(3\) (2 CPE variants)
cisco/unity
4.0\(4\) (2 CPE variants)
cisco/unity
4.0\(5\)
cisco/unity
4.1\(1\)
cisco/unity
4.2\(1\)
cisco/unity
5.0
cisco/unity
5.0\(1\)
... and 2 more
Published
Oct 08, 2008
Tracked Since
Feb 18, 2026