CVE-2008-1154

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Emergency_responder	Cisco	2.0 (including)	2.0 (including)
Mobility_manager	Cisco	2.0 (including)	2.0 (including)
Unified_communications_manager	Cisco	5.0 (including)	5.0 (including)
Unified_communications_manager	Cisco	5.1 (including)	5.1 (including)
Unified_communications_manager	Cisco	6.0 (including)	6.0 (including)
Unified_communications_manager	Cisco	6.1 (including)	6.1 (including)
Unified_presence	Cisco	1.0 (including)	1.0 (including)
Unified_presence	Cisco	6.0 (including)	6.0 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-1154
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

References

CVE-2008-1154

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References