HIGH✓ PATCH🇬🇧 English

CVE-2008-1154

CVSS 10.0v2.0pub. 2008-04-04upd. 2026-04-23

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Cisco Emergency Responder

    APP
    Cisco
    2.0
  • Cisco Mobility Manager

    APP
    Cisco
    2.0
  • Cisco Unified Communications Manager

    APP
    Cisco
    5.05.16.06.1
  • Cisco Unified Presence

    APP
    Cisco
    1.06.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
RCEAuth Bypass
CWE
Referencje

Powiązane podatności

CVE-2025-20309CRITICAL10.0PL ✓ten sam produkt

Cisco Unified CM — statyczne dane logowania root umożliwiają pełne przejęcie systemu

CVE-2024-20253CRITICAL9.9PL ✓ten sam produkt

RCE w produktach Cisco Unified Communications — eskalacja do root

CVE-2023-20101CRITICAL9.8ten sam produkt

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an a...

CVE-2017-12337CRITICAL9.8ten sam produkt

A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating Sy...

CVE-2026-20230HIGH8.6⚠ KEVten sam produkt

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager ...