Vulnerability Details : CVE-2008-1154
The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.
Vulnerability category: Execute codeBypassGain privilege
Exploit prediction scoring system (EPSS) score for CVE-2008-1154
Probability of exploitation activity in the next 30 days: 10.71%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-1154
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2008-1154
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-1154
Products affected by CVE-2008-1154
- cpe:2.3:a:cisco:emergency_responder:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:mobility_manager:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_presence:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_presence:6.0:*:*:*:*:*:*:*