Vulnslist

find the latest Cisco vulnerabilities

Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability

cisco-sa-20080403-drf · Critical · Published · Updated

Several products in the Cisco Unified Communications family of products contain a command execution vulnerability in the Disaster Recovery Framework (DRF) feature. A remote, unauthenticated user could exploit this vulnerability to execute arbitrary commands that may allow full administrative access to affected systems. There is a workaround for this vulnerability. Cisco has released software updates that address this vulnerability. This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080403-drf.

Cisco advisory · CSAF JSON

Workarounds

No workaround information imported yet.

CVEsCVE-2008-1154
Cisco Bug IDsNA
CVSS ScoreBase 10.0
Base 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C/CDP:N/TD:N/CR:ND/IR:ND/AR:ND
Product Names From Source
Cisco Emergency Responder, Cisco Unified Presence Server, Cisco Unified MobilityManager, Cisco Unified Communications Manager

Related Products

Product CVE Evidence
Cisco Unified Presence Server CVE-2008-1154 Cisco OpenVuln
Cisco Unified MobilityManager CVE-2008-1154 Cisco OpenVuln
Cisco Unified Communications Manager CVE-2008-1154 Cisco OpenVuln
Cisco Emergency Responder CVE-2008-1154 Cisco OpenVuln