CVE-2008-3814
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
08/10/2008
Last modified:
09/04/2025
Description
Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once.
Impact
Base Score 2.0
5.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cisco:unity:4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:unity:4.0\(1\):*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:unity:4.0\(2\):*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:unity:4.0\(3\):*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:unity:4.0\(3\):sr1:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:unity:4.0\(4\):*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:unity:4.0\(4\):sr1:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:unity:4.0\(5\):*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:unity:4.1\(1\):*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:unity:4.2\(1\):*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:unity:5.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:unity:5.0\(1\):*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:unity:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:unity:7.0\(2\):*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/32187
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0d85f.shtml
- http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html
- http://www.securityfocus.com/bid/31638
- http://www.securityfocus.com/bid/31642
- http://www.securitytracker.com/id?1021011=
- http://www.voipshield.com/research-details.php?id=126
- http://www.vupen.com/english/advisories/2008/2771
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45741
- http://secunia.com/advisories/32187
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0d85f.shtml
- http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html
- http://www.securityfocus.com/bid/31638
- http://www.securityfocus.com/bid/31642
- http://www.securitytracker.com/id?1021011=
- http://www.voipshield.com/research-details.php?id=126
- http://www.vupen.com/english/advisories/2008/2771
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45741