Vulnerability Details CVE-2008-3814
Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.1%
CVSS Severity
CVSS v2 Score 5.8
References
- http://secunia.com/advisories/32187
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0d85f.shtml
- http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html
- http://www.securityfocus.com/bid/31638
- http://www.securityfocus.com/bid/31642
- http://www.securitytracker.com/id?1021011
- http://www.voipshield.com/research-details.php?id=126
- http://www.vupen.com/english/advisories/2008/2771
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45741
- http://secunia.com/advisories/32187
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0d85f.shtml
- http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html
- http://www.securityfocus.com/bid/31638
- http://www.securityfocus.com/bid/31642
- http://www.securitytracker.com/id?1021011
- http://www.voipshield.com/research-details.php?id=126
- http://www.vupen.com/english/advisories/2008/2771
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45741
Products affected by CVE-2008-3814
-
cpe:2.3:a:cisco:unity:4.0
-
cpe:2.3:a:cisco:unity:4.0(1)
-
cpe:2.3:a:cisco:unity:4.0(2)
-
cpe:2.3:a:cisco:unity:4.0(3)
-
cpe:2.3:a:cisco:unity:4.0(4)
-
cpe:2.3:a:cisco:unity:4.0(5)
-
cpe:2.3:a:cisco:unity:4.1(1)
-
cpe:2.3:a:cisco:unity:4.2(1)
-
cpe:2.3:a:cisco:unity:5.0
-
cpe:2.3:a:cisco:unity:5.0(1)
-
cpe:2.3:a:cisco:unity:7.0
-
cpe:2.3:a:cisco:unity:7.0(2)