Cisco Unified Communications Disaster Recovery Framework Command Execution

Secunia Advisory: SA29670
Release Date: 2008-04-04
Critical: Moderately critical
Impact: Security Bypass, System access
Where: From local network
Solution Status: Vendor Patch
Software:
* Cisco Emergency Responder 2.x
* Cisco Unified Communications Manager 5.x
* Cisco Unified Communications Manager 6.x
* Cisco Unified Presence 6.x

Description:
A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused by the Disaster Recovery Framework (DRF) Master not performing authentication on requests received over the network. This can be exploited to perform any DRF-related tasks via the DRF Master service (port 4040/TCP).

Successful exploitation allows execution of arbitrary commands.

The vulnerability affects the following products and versions:
* Cisco Unified Communications Manager (CUCM) 5.x and 6.x
* Cisco Unified Communications Manager Business Edition
* Cisco Unified Presence 1.x and 6.x
* Cisco Emergency Responder 2.x
* Cisco Mobility Manager 2.x

Solution:
The vendor has issued updates (please see the vendor's advisory for details).

Provided and/or discovered by:
The vendor credits VoIPshield Systems.

Original Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20080403-drf.shtml
