CyberSec.Space Logo
Back to CVE Browser

CVE-2008-1154

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1660%
EPSS Percentile13.22th
PublishedApr 4, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.

Affected Platforms (CPE)

πŸ“¦
Cisco

Emergency Responder

= 2.0
πŸ“¦
Cisco

Mobility Manager

= 2.0
πŸ“¦
Cisco

Unified Communications Manager

= 5.0
πŸ“¦
Cisco

Unified Communications Manager

= 5.1
πŸ“¦
Cisco

Unified Communications Manager

= 6.0
πŸ“¦
Cisco

Unified Communications Manager

= 6.1
πŸ“¦
Cisco

Unified Presence

= 1.0
πŸ“¦
Cisco

Unified Presence

= 6.0

References & Advisories

πŸ”— http://secunia.com/advisories/29670
πŸ”— http://securitytracker.com/id?1019768
πŸ”— http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml
πŸ”— http://www.securityfocus.com/bid/28591
πŸ”— http://www.vupen.com/english/advisories/2008/1093
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/41632
πŸ”— http://secunia.com/advisories/29670
πŸ”— http://securitytracker.com/id?1019768

Related Vulnerabilities

CVE-2016-64688.8

A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker...

CVE-2017-67797.5

Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaborati...

CVE-2014-21156.8

Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earli...

CVE-2015-64056.8

Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijac...

CVE-2008-1154 Detail & Impact Analysis | CVSS 10.0 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space