cisco-sa-20081008-unity

Authentication Bypass in Cisco Unity

cisco-sa-20081008-unity · Medium · Published 17 years ago · Updated 17 years ago

A vulnerability exists in Cisco Unity that could allow an unauthenticated user to view or modify some of the configuration parameters of the Cisco Unity server. Cisco has released software updates that address this vulnerabilities. A workaround that mitigates this vulnerability is available. This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20081008-unity.

Cisco advisory ·CSAF JSON

Workarounds

Integrated Windows authentication is not affected by this vulnerability and may be used as an alternative to Anonymous Authentication.

Details on authentication mechanisms and how to configure them can be found in the Installation Guide for Cisco Unity in the Setting Up Authentication for the Cisco Unity Administrator http://www.cisco.com/en/US/docs/voice_ip_comm/unity/5x/installation/guide/umexnofo/5xcuigumenofo100.html section.

CVEs	CVE-2008-3814
Cisco Bug IDs	NA
CVSS Score	Base 5.8 Base 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N/E:F/RL:OF/RC:C/CDP:N/TD:N/CR:ND/IR:ND/AR:ND
Product Names From Source	Cisco Unity

Related Products

Product	CVE	Evidence
Cisco Unity	CVE-2008-3814	Cisco OpenVuln

Vulnslist

find the latest Cisco vulnerabilities

Authentication Bypass in Cisco Unity

Workarounds

Related Products