Vulnerability Description
The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Emergency Responder | 1.1 |
| Cisco | Ip Call Center Express Enhanced | 3.0 |
| Cisco | Ip Call Center Express Standard | 3.0 |
| Cisco | Ip Interactive Voice Response | 3.0 |
| Cisco | Personal Assistant | 1.3\(1\) |
| Ibm | Director Agent | 2.2 |
| Cisco | Call Manager | 1.0 |
| Cisco | Internet Service Node | All versions |
| Cisco | Conference Connection | 1.1\(1\) |
| Ibm | Mcs-7815-1000 | All versions |
| Ibm | Mcs-7815I-2.0 | All versions |
| Ibm | Mcs-7835I-2.4 | All versions |
| Ibm | Mcs-7835I-3.0 | All versions |
| Ibm | X330 | 8654 |
| Ibm | X340 | All versions |
| Ibm | X342 | All versions |
| Ibm | X345 | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/10696PatchVendor Advisory
- http://www.ciac.org/ciac/bulletins/o-066.shtml
- http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtmlPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/602734PatchThird Party AdvisoryUS Government Resource
- http://www.osvdb.org/3692
- http://www.securityfocus.com/bid/9468PatchVendor Advisory
- http://www.securitytracker.com/id?1008814
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14900
- http://secunia.com/advisories/10696PatchVendor Advisory
- http://www.ciac.org/ciac/bulletins/o-066.shtml
- http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtmlPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/602734PatchThird Party AdvisoryUS Government Resource
- http://www.osvdb.org/3692
- http://www.securityfocus.com/bid/9468PatchVendor Advisory
- http://www.securitytracker.com/id?1008814
FAQ
What is CVE-2004-1760?
CVE-2004-1760 is a vulnerability with a CVSS score of 10.0 (HIGH). The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administ...
How severe is CVE-2004-1760?
CVE-2004-1760 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1760?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Emergency Responder, Cisco Ip Call Center Express Enhanced, Cisco Ip Call Center Express Standard, Cisco Ip Interactive Voice Response, Cisco Personal Assistant.