Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability
RISK: Medium Risk
A vulnerability has been identified in various Cisco products which remote attackers could exploit to cause a denial of service, disclose sensitive information, or take complete control of an affected system. The issue is caused by a design error in the Disaster Recovery Framework (DRF) Master server, which does not authenticate requests received over the network. Remote unauthenticated attackers could exploit this to perform DRF-related tasks and create a denial of service condition, obtain sensitive configuration information, overwrite configuration parameters, or execute arbitrary commands with full administrative privileges.
Impact
- Denial of Service
- Remote Code Execution
System / Technologies affected
- Cisco Unified Communications Manager (CUCM) 5.x and 6.x
- Cisco Unified Communications Manager Business Edition
- Cisco Unified Presence 1.x and 6.x
- Cisco Emergency Responder 2.x
- Cisco Mobility Manager 2.x
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Update to the fixed version:
http://www.cisco.com/warp/public/707/cisco-sa-20080403-drf.shtml
Vulnerability Identifier
Source
Related Link