CVE-2008-1154

critical

Description

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/41632

http://www.vupen.com/english/advisories/2008/1093

http://www.securityfocus.com/bid/28591

http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml

http://securitytracker.com/id?1019768

http://secunia.com/advisories/29670

Details

Source: Mitre, NVD

Published: 2008-04-04

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.05566