CVE-2008-2062

Properties

Published:
25.06.2008
Updated:
26.06.2008
Patch available:
Severity:
Medium
CVSS vector:
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Product:
Cisco: Unified CallManager
Cisco: Unified Communications Manager
Cisco: Unified Communications Manager
Cisco: Unified Communications Manager

Vulnerability description

The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151.

References:

CISCO:http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml