Vulnerability Description
Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Personal Assistant | 1.4\(1\) |
References
- http://www.cisco.com/warp/public/707/cisco-sa-20040108-pa.shtmlPatchVendor Advisory
- http://www.osvdb.org/3430
- http://www.securityfocus.com/bid/9384
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14172
- http://www.cisco.com/warp/public/707/cisco-sa-20040108-pa.shtmlPatchVendor Advisory
- http://www.osvdb.org/3430
- http://www.securityfocus.com/bid/9384
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14172
FAQ
What is CVE-2004-0044?
CVE-2004-0044 is a vulnerability with a CVSS score of 7.5 (HIGH). Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service bei...
How severe is CVE-2004-0044?
CVE-2004-0044 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0044?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Personal Assistant.