Details of VAR-200401-0063

ID

VAR-200401-0063

CVE

CVE-2004-1759

TITLE

Cisco Voice Product IBM Director Agent Port Scan Denial Of Service Vulnerability

Trust: 0.9

sources: BID: 9469 // CNNVD: CNNVD-200401-056

DESCRIPTION

Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, allows remote attackers to cause a denial of service (CPU consumption) via arbitrary packets to TCP port 14247, as demonstrated using port scanning. Cisco IBM Director agent fails to authenticate users for remote administration. The issue is reported to present itself when a port that is associated with the affected software is scanned with a port scanner. This will cause the target Cisco voice server to become inoperative until the affected server is rebooted. Cisco voice devices are available on multiple operating platforms, including IBM. By default, TCP and UDP 14247 ports will be opened in an unsafe manner. Scanning through a common network port scanner will cause IBM Director to consume a large amount of resources when processing twgipc.exe. CPU time, thereby stopping other responses

Trust: 2.79

sources: NVD: CVE-2004-1759 // CERT/CC: VU#602734 // CERT/CC: VU#721092 // BID: 9469 // VULHUB: VHN-10189 // VULMON: CVE-2004-1759

AFFECTED PRODUCTS

vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	3.1	Trust: 1.6
vendor:	ibm	model:	director agent	scope:	eq	version:	3.11	Trust: 1.3
vendor:	ibm	model:	director agent	scope:	eq	version:	2.2	Trust: 1.3
vendor:	cisco	model:	ip interactive voice response	scope:	eq	version:	3.0	Trust: 1.3
vendor:	cisco	model:	ip call center express standard	scope:	eq	version:	3.0	Trust: 1.3
vendor:	cisco	model:	ip call center express enhanced	scope:	eq	version:	3.0	Trust: 1.3
vendor:	cisco	model:	emergency responder	scope:	eq	version:	1.1	Trust: 1.3
vendor:	cisco	model:	conference connection	scope:	eq	version:	1.2	Trust: 1.3
vendor:	cisco	model:	call manager	scope:	eq	version:	4.0	Trust: 1.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3	Trust: 1.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.2	Trust: 1.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.0	Trust: 1.3
vendor:	cisco	model:	call manager	scope:	eq	version:	2.0	Trust: 1.3
vendor:	cisco	model:	call manager	scope:	eq	version:	1.0	Trust: 1.3
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.3\(2\)	Trust: 1.0
vendor:	ibm	model:	mcs-7815i-2.0	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.3\(4\)	Trust: 1.0
vendor:	ibm	model:	x342	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.3\(3\)	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	3.1\(2\)	Trust: 1.0
vendor:	ibm	model:	mcs-7835i-2.4	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.4\(2\)	Trust: 1.0
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.3\(1\)	Trust: 1.0
vendor:	ibm	model:	x340	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3\(3\)	Trust: 1.0
vendor:	ibm	model:	mcs-7835i-3.0	scope:	eq	version:	*	Trust: 1.0
vendor:	ibm	model:	mcs-7815-1000	scope:	eq	version:	*	Trust: 1.0
vendor:	ibm	model:	x330	scope:	eq	version:	8674	Trust: 1.0
vendor:	ibm	model:	x345	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	conference connection	scope:	eq	version:	1.1\(1\)	Trust: 1.0
vendor:	ibm	model:	x330	scope:	eq	version:	8654	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	3.1\(3a\)	Trust: 1.0
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.4\(1\)	Trust: 1.0
vendor:	cisco	model:	internet service node	scope:	eq	version:	*	Trust: 1.0
vendor:	ibm	model:	mcs-7815i-2.0	scope:	-	version:	-	Trust: 0.9
vendor:	ibm	model:	mcs-7815-1000	scope:	-	version:	-	Trust: 0.9
vendor:	ibm	model:	mcs-7835i-2.4	scope:	-	version:	-	Trust: 0.6
vendor:	ibm	model:	-	scope:	eq	version:	x345	Trust: 0.3
vendor:	ibm	model:	-	scope:	eq	version:	x342	Trust: 0.3
vendor:	ibm	model:	-	scope:	eq	version:	x340	Trust: 0.3
vendor:	ibm	model:	-	scope:	eq	version:	x3308674	Trust: 0.3
vendor:	ibm	model:	-	scope:	eq	version:	x3308654	Trust: 0.3
vendor:	ibm	model:	mcs-7835i-3.0	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	director agent	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.4(2)	Trust: 0.3
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.4(1)	Trust: 0.3
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.3(4)	Trust: 0.3
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.3(3)	Trust: 0.3
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.3(2)	Trust: 0.3
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.3(1)	Trust: 0.3
vendor:	cisco	model:	internet service node	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	conference connection	scope:	eq	version:	1.1(1)	Trust: 0.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3(3)	Trust: 0.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.1(2)	Trust: 0.3

sources: CERT/CC: VU#602734 // CERT/CC: VU#721092 // BID: 9469 // CNNVD: CNNVD-200401-056 // NVD: CVE-2004-1759

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1759
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#602734
value:	14.93
Trust: 0.8
CARNEGIE MELLON:	VU#721092
value:	3.87
Trust: 0.8
CNNVD:	CNNVD-200401-056
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-10189
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2004-1759
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-1759
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-10189
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#602734 // CERT/CC: VU#721092 // VULHUB: VHN-10189 // VULMON: CVE-2004-1759 // CNNVD: CNNVD-200401-056 // NVD: CVE-2004-1759

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.1

sources: VULHUB: VHN-10189 // NVD: CVE-2004-1759

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200401-056

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-200401-056

EXTERNAL IDS

db:	SECUNIA	id:	10696	Trust: 3.4
db:	CERT/CC	id:	VU#721092	Trust: 2.6
db:	BID	id:	9469	Trust: 2.1
db:	NVD	id:	CVE-2004-1759	Trust: 2.1
db:	OSVDB	id:	3691	Trust: 1.8
db:	SECTRACK	id:	1008814	Trust: 1.8
db:	CERT/CC	id:	VU#602734	Trust: 0.8
db:	CNNVD	id:	CNNVD-200401-056	Trust: 0.7
db:	CISCO	id:	20040121 VOICE PRODUCT VULNERABILITIES ON IBM SERVERS	Trust: 0.6
db:	CIAC	id:	O-066	Trust: 0.6
db:	XF	id:	14901	Trust: 0.6
db:	VULHUB	id:	VHN-10189	Trust: 0.1
db:	VULMON	id:	CVE-2004-1759	Trust: 0.1

sources: CERT/CC: VU#602734 // CERT/CC: VU#721092 // VULHUB: VHN-10189 // VULMON: CVE-2004-1759 // BID: 9469 // CNNVD: CNNVD-200401-056 // NVD: CVE-2004-1759

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml	Trust: 3.7
url:	http://www.securityfocus.com/bid/9469	Trust: 1.8
url:	http://www.kb.cert.org/vuls/id/721092	Trust: 1.8
url:	http://www.ciac.org/ciac/bulletins/o-066.shtml	Trust: 1.8
url:	http://www.osvdb.org/3691	Trust: 1.8
url:	http://www.securitytracker.com/id?1008814	Trust: 1.8
url:	http://secunia.com/advisories/10696	Trust: 1.8
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a00801ede01.shtml	Trust: 1.6
url:	http://www.secunia.com/advisories/10696/	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/14901	Trust: 1.2
url:	http://xforce.iss.net/xforce/xfdb/14901	Trust: 0.6
url:	/archive/1/359500	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/399.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=7192	Trust: 0.1

sources: CERT/CC: VU#602734 // CERT/CC: VU#721092 // VULHUB: VHN-10189 // VULMON: CVE-2004-1759 // BID: 9469 // CNNVD: CNNVD-200401-056 // NVD: CVE-2004-1759

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200401-056

SOURCES

db:	CERT/CC	id:	VU#602734
db:	CERT/CC	id:	VU#721092
db:	VULHUB	id:	VHN-10189
db:	VULMON	id:	CVE-2004-1759
db:	BID	id:	9469
db:	CNNVD	id:	CNNVD-200401-056
db:	NVD	id:	CVE-2004-1759

LAST UPDATE DATE

2024-08-14T13:40:23.340000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#602734	date:	2004-01-23T00:00:00
db:	CERT/CC	id:	VU#721092	date:	2004-01-23T00:00:00
db:	VULHUB	id:	VHN-10189	date:	2017-07-11T00:00:00
db:	VULMON	id:	CVE-2004-1759	date:	2017-07-11T00:00:00
db:	BID	id:	9469	date:	2015-03-19T08:23:00
db:	CNNVD	id:	CNNVD-200401-056	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-1759	date:	2017-07-11T01:31:19.827

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#602734	date:	2004-01-22T00:00:00
db:	CERT/CC	id:	VU#721092	date:	2004-01-22T00:00:00
db:	VULHUB	id:	VHN-10189	date:	2004-01-21T00:00:00
db:	VULMON	id:	CVE-2004-1759	date:	2004-01-21T00:00:00
db:	BID	id:	9469	date:	2004-01-21T00:00:00
db:	CNNVD	id:	CNNVD-200401-056	date:	2004-01-21T00:00:00
db:	NVD	id:	CVE-2004-1759	date:	2004-01-21T05:00:00