Sign-up

ID

VAR-200210-0052


CVE

CVE-2002-1189


TITLE

Cisco Unity Default Limit International Transit Phone Forwarding Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200210-267

DESCRIPTION

The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding. Unity is a Cisco software product designed to unify voice message, fax, and e-mail into a user's inbox. Under some circumstances, users may be able to forward calls to unauthorized destinations. However, this does not prevent forwarding to International operators

Trust: 1.26

sources: NVD: CVE-2002-1189 // BID: 5896 // VULHUB: VHN-5574

AFFECTED PRODUCTS

vendor:ciscomodel:unity serverscope:eqversion:3.1

Trust: 1.9

vendor:ciscomodel:unity serverscope:eqversion:3.0

Trust: 1.9

vendor:ciscomodel:unity serverscope:eqversion:2.46

Trust: 1.9

vendor:ciscomodel:unity serverscope:eqversion:2.4

Trust: 1.9

vendor:ciscomodel:unity serverscope:eqversion:2.3

Trust: 1.9

vendor:ciscomodel:unity serverscope:eqversion:2.2

Trust: 1.9

vendor:ciscomodel:unity serverscope:eqversion:2.1

Trust: 1.9

vendor:ciscomodel:unity serverscope:eqversion:2.0

Trust: 1.9

sources: BID: 5896 // CNNVD: CNNVD-200210-267 // NVD: CVE-2002-1189

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-1189
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200210-267
value: MEDIUM

Trust: 0.6

VULHUB: VHN-5574
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2002-1189
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-5574
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-5574 // CNNVD: CNNVD-200210-267 // NVD: CVE-2002-1189

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1189

THREAT TYPE

local

Trust: 0.9

sources: BID: 5896 // CNNVD: CNNVD-200210-267

TYPE

Configuration Error

Trust: 0.9

sources: BID: 5896 // CNNVD: CNNVD-200210-267

EXTERNAL IDS

db:BIDid:5896

Trust: 2.0

db:NVDid:CVE-2002-1189

Trust: 2.0

db:CNNVDid:CNNVD-200210-267

Trust: 0.7

db:CISCOid:20021004 PREDEFINED RESTRICTION TABLES ALLOW CALLS TO INTERNATIONAL OPERATOR

Trust: 0.6

db:XFid:10282

Trust: 0.6

db:VULHUBid:VHN-5574

Trust: 0.1

sources: VULHUB: VHN-5574 // BID: 5896 // CNNVD: CNNVD-200210-267 // NVD: CVE-2002-1189

REFERENCES

url:http://www.securityfocus.com/bid/5896

Trust: 2.7

url:http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml

Trust: 2.7

url:http://www.iss.net/security_center/static/10282.php

Trust: 2.7

sources: VULHUB: VHN-5574 // CNNVD: CNNVD-200210-267 // NVD: CVE-2002-1189

CREDITS

Vulnerability announced in a Cisco Security Advisory.

Trust: 0.9

sources: BID: 5896 // CNNVD: CNNVD-200210-267

SOURCES

db:VULHUBid:VHN-5574
db:BIDid:5896
db:CNNVDid:CNNVD-200210-267
db:NVDid:CVE-2002-1189

LAST UPDATE DATE

2024-11-22T22:54:16.704000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-5574date:2008-09-10T00:00:00
db:BIDid:5896date:2009-07-11T17:06:00
db:CNNVDid:CNNVD-200210-267date:2005-05-13T00:00:00
db:NVDid:CVE-2002-1189date:2024-11-20T23:40:47.087

SOURCES RELEASE DATE

db:VULHUBid:VHN-5574date:2002-10-11T00:00:00
db:BIDid:5896date:2002-10-04T00:00:00
db:CNNVDid:CNNVD-200210-267date:2002-10-11T00:00:00
db:NVDid:CVE-2002-1189date:2002-10-11T04:00:00