CVE-2008-2730

CVSS V2 Medium 5 CVSS V3 None
Description
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843.
Overview
  • CVE ID
  • CVE-2008-2730
  • Assigner
  • ykramarz@cisco.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2008-06-26T17:41:00
  • Last Modified Date
  • 2017-08-08T01:31:16
Weakness Enumerations
CWE URL
CWE-287 http://cwe.mitre.org/data/definitions/287.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:P/I:N/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • NONE
  • Availability Impact
  • NONE
  • Base Score
  • 5
  • Severity
  • MEDIUM
  • Exploitability Score
  • 10
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml Patch
http://secunia.com/advisories/30848
http://www.securityfocus.com/bid/29935
http://www.securitytracker.com/id?1020361
http://www.vupen.com/english/advisories/2008/1933/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43355
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2008-2730
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2730
History
Created Old Value New Value Data Type Notes
2022-05-10 09:07:23 Added to TrackCVE