SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (VoIP/Phone/FAX)  >   Cisco Unity Vendors:   Cisco
Cisco Unity Authentication Bypass Bug Lets Remote Users View and Modify the Configuration
SecurityTracker Alert ID:  1021011
SecurityTracker URL:  http://securitytracker.com/id/1021011
CVE Reference:   CVE-2008-3814   (Links to External Site)
Date:  Oct 8 2008
Impact:   Disclosure of system information, Modification of system information
Vendor Confirmed:  Yes  
Version(s): 4.x, 5.x, 7.x
Description:   A vulnerability was reported in Cisco Unity. A remote user can view and modify portions of the configuration.

When the system is configured for anonymous authentication, a remote user can bypass authentication to view and modify some configuration parameters on the target server.

The remote user cannot obtain credentials, personally identifiable information, or user information.

Systems that are configured for the Integrated Windows authentication method are not affected.

Cisco has assigned Cisco Bug ID CSCsr86943 to this vulnerability.

VoIPshield Systems reported this vulnerability.

Impact:   A remote user can view and modify some configuration parameters.
Solution:   No solution was available at the time of this entry.

The vendor plans to issue fixed versions (4.0ES161, 5.0ES53, and 7.0ES8).

The vendor's advisory is available at:

http://www.cisco.com/warp/public/707/cisco-sa-20081008-unity.shtml

Vendor URL:  www.cisco.com/warp/public/707/cisco-sa-20081008-unity.shtml (Links to External Site)
Cause:   Authentication error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC