CVE-2008-1154

critical Cisco
CVSS v3 Base Score
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Score
5.6%
Exploitation probability in 30 days
Top 10% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: April 4, 2008 (6613 days ago)
Last Modified: April 23, 2026
Vendor: Cisco
Source: NVD

Description

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.

CWE

CWE-287

Affected Products

cisco emergency respondercisco mobility managercisco unified communications managercisco unified presence

References

🔗 secunia.com 🔗 securitytracker.com 🔗 www.cisco.com 🔗 www.securityfocus.com 🔗 www.vupen.com