1. Home
  2. CVE Database
  3. CVE-2008-1154
HIGH · 10.0

CVE-2008-1154

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Respo...

Vulnerability Description

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
CiscoEmergency Responder2.0
CiscoMobility Manager2.0
CiscoUnified Communications Manager5.0
CiscoUnified Presence1.0

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2008-1154?

CVE-2008-1154 is a vulnerability with a CVSS score of 10.0 (HIGH). The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Respo...

How severe is CVE-2008-1154?

CVE-2008-1154 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-1154?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Emergency Responder, Cisco Mobility Manager, Cisco Unified Communications Manager, Cisco Unified Presence.