CVE-2008-2062

Severity

50%

Complexity

99%

Confidentiality

48%

The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151.

The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Overview

First reported 16 years ago

2008-06-26 17:41:00

Last updated 5 years ago

2019-07-31 12:55:00

Affected Software

Cisco Unified Communications Manager

References

30848

Third Party Advisory

20080625 Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities

Patch, Vendor Advisory

29935

Third Party Advisory, VDB Entry

1020361

Third Party Advisory, VDB Entry

ADV-2008-1933

Permissions Required

cucm-risdatacollector-info-disclosure(43355)

Third Party Advisory, VDB Entry

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.