CVEブラウザに戻る

CVE-2008-1154

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1660%

EPSS Percentile13.22th

Published2008年4月4日

Last Modified2026年4月23日

Vulnerability Description

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.

Affected Platforms (CPE)

📦

Cisco

Emergency Responder

= 2.0

📦

Cisco

Mobility Manager

= 2.0

📦

Cisco

Unified Communications Manager

= 5.0

📦

Cisco

Unified Communications Manager

= 5.1

📦

Cisco

Unified Communications Manager

= 6.0

📦

Cisco

Unified Communications Manager

= 6.1

📦

Cisco

Unified Presence

= 1.0

📦

Cisco

Unified Presence

= 6.0

References & Advisories

🔗 http://secunia.com/advisories/29670

🔗 http://securitytracker.com/id?1019768

🔗 http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml

🔗 http://www.securityfocus.com/bid/28591

🔗 http://www.vupen.com/english/advisories/2008/1093

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/41632

🔗 http://secunia.com/advisories/29670

🔗 http://securitytracker.com/id?1019768

関連する脆弱性情報

CVE-2016-64688.8

A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker...

CVE-2017-67797.5

Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaborati...

CVE-2014-21156.8

Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earli...

CVE-2015-64056.8

Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijac...