
Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability

Last Update Date: 28 Jan 2011
Release Date: 7 Apr 2008

RISK: Medium Risk

A vulnerability has been identified in various Cisco products that remote attackers could exploit to cause a denial of service, disclose sensitive information, or take complete control of an affected system. The issue is caused by a design error in the Disaster Recovery Framework (DRF) Master server, which does not authenticate requests received over the network. Remote unauthenticated attackers could exploit this to perform DRF-related tasks and create a denial of service condition, obtain sensitive configuration information, overwrite configuration parameters, or execute arbitrary commands with full administrative privileges.


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Cisco Unified Communications Manager (CUCM) 5.x and 6.x
  • Cisco Unified Communications Manager Business Edition
  • Cisco Unified Presence 1.x and 6.x
  • Cisco Emergency Responder 2.x
  • Cisco Mobility Manager 2.x

Solutions

Before installing the software, please visit the software manufacturer's website for more details.


Vulnerability Identifier


Source


Related Link