Details of VAR-200401-0064

ID

VAR-200401-0064

CVE

CVE-2004-1760

TITLE

Cisco default install of IBM Director agent fails to authenticate users for remote administration

Trust: 0.8

sources: CERT/CC: VU#602734

DESCRIPTION

The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247. Cisco IBM Director agent fails to authenticate users for remote administration. This could be exploited by any Director Server/Console agent that can connect to the administrative port. Administrative access will permit the attacker to take various malicious actions, including remote command execution, reconfiguration and stopping/starting services. Cisco voice devices are available on multiple operating platforms, including IBM. By default, TCP and UDP port 14247 will be opened in an insecure manner

Trust: 2.7

sources: NVD: CVE-2004-1760 // CERT/CC: VU#602734 // CERT/CC: VU#721092 // BID: 9468 // VULHUB: VHN-10190

AFFECTED PRODUCTS

vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	3.1	Trust: 1.6
vendor:	ibm	model:	director agent	scope:	eq	version:	3.11	Trust: 1.3
vendor:	ibm	model:	director agent	scope:	eq	version:	2.2	Trust: 1.3
vendor:	cisco	model:	ip interactive voice response	scope:	eq	version:	3.0	Trust: 1.3
vendor:	cisco	model:	ip call center express standard	scope:	eq	version:	3.0	Trust: 1.3
vendor:	cisco	model:	ip call center express enhanced	scope:	eq	version:	3.0	Trust: 1.3
vendor:	cisco	model:	emergency responder	scope:	eq	version:	1.1	Trust: 1.3
vendor:	cisco	model:	conference connection	scope:	eq	version:	1.2	Trust: 1.3
vendor:	cisco	model:	call manager	scope:	eq	version:	4.0	Trust: 1.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3	Trust: 1.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.2	Trust: 1.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.0	Trust: 1.3
vendor:	cisco	model:	call manager	scope:	eq	version:	2.0	Trust: 1.3
vendor:	cisco	model:	call manager	scope:	eq	version:	1.0	Trust: 1.3
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.3\(2\)	Trust: 1.0
vendor:	ibm	model:	mcs-7815i-2.0	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.3\(4\)	Trust: 1.0
vendor:	ibm	model:	x342	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.3\(3\)	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	3.1\(2\)	Trust: 1.0
vendor:	ibm	model:	mcs-7835i-2.4	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.4\(2\)	Trust: 1.0
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.3\(1\)	Trust: 1.0
vendor:	ibm	model:	x340	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3\(3\)	Trust: 1.0
vendor:	ibm	model:	mcs-7835i-3.0	scope:	eq	version:	*	Trust: 1.0
vendor:	ibm	model:	mcs-7815-1000	scope:	eq	version:	*	Trust: 1.0
vendor:	ibm	model:	x330	scope:	eq	version:	8674	Trust: 1.0
vendor:	ibm	model:	x345	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	conference connection	scope:	eq	version:	1.1\(1\)	Trust: 1.0
vendor:	ibm	model:	x330	scope:	eq	version:	8654	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	3.1\(3a\)	Trust: 1.0
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.4\(1\)	Trust: 1.0
vendor:	cisco	model:	internet service node	scope:	eq	version:	*	Trust: 1.0
vendor:	ibm	model:	x345	scope:	-	version:	-	Trust: 0.6
vendor:	ibm	model:	x342	scope:	-	version:	-	Trust: 0.6
vendor:	ibm	model:	-	scope:	eq	version:	x345	Trust: 0.3
vendor:	ibm	model:	-	scope:	eq	version:	x342	Trust: 0.3
vendor:	ibm	model:	-	scope:	eq	version:	x340	Trust: 0.3
vendor:	ibm	model:	-	scope:	eq	version:	x3308674	Trust: 0.3
vendor:	ibm	model:	-	scope:	eq	version:	x3308654	Trust: 0.3
vendor:	ibm	model:	mcs-7835i-3.0	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	mcs-7815i-2.0	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	mcs-7815-1000	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.4(2)	Trust: 0.3
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.4(1)	Trust: 0.3
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.3(4)	Trust: 0.3
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.3(3)	Trust: 0.3
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.3(2)	Trust: 0.3
vendor:	cisco	model:	personal assistant	scope:	eq	version:	1.3(1)	Trust: 0.3
vendor:	cisco	model:	internet service node	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	conference connection	scope:	eq	version:	1.1(1)	Trust: 0.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3(3)	Trust: 0.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.1(2)	Trust: 0.3

sources: CERT/CC: VU#602734 // CERT/CC: VU#721092 // BID: 9468 // CNNVD: CNNVD-200401-057 // NVD: CVE-2004-1760

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1760
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#602734
value:	14.93
Trust: 0.8
CARNEGIE MELLON:	VU#721092
value:	3.87
Trust: 0.8
CNNVD:	CNNVD-200401-057
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-10190
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-1760
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-10190
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#602734 // CERT/CC: VU#721092 // VULHUB: VHN-10190 // CNNVD: CNNVD-200401-057 // NVD: CVE-2004-1760

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.1

sources: VULHUB: VHN-10190 // NVD: CVE-2004-1760

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200401-057

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-200401-057

EXTERNAL IDS

db:	SECUNIA	id:	10696	Trust: 3.3
db:	CERT/CC	id:	VU#602734	Trust: 2.5
db:	BID	id:	9468	Trust: 2.0
db:	NVD	id:	CVE-2004-1760	Trust: 2.0
db:	OSVDB	id:	3692	Trust: 1.7
db:	SECTRACK	id:	1008814	Trust: 1.7
db:	CERT/CC	id:	VU#721092	Trust: 0.8
db:	CNNVD	id:	CNNVD-200401-057	Trust: 0.7
db:	CISCO	id:	20040121 VOICE PRODUCT VULNERABILITIES ON IBM SERVERS	Trust: 0.6
db:	CIAC	id:	O-066	Trust: 0.6
db:	XF	id:	14900	Trust: 0.6
db:	VULHUB	id:	VHN-10190	Trust: 0.1

sources: CERT/CC: VU#602734 // CERT/CC: VU#721092 // VULHUB: VHN-10190 // BID: 9468 // CNNVD: CNNVD-200401-057 // NVD: CVE-2004-1760

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml	Trust: 3.6
url:	http://www.securityfocus.com/bid/9468	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/602734	Trust: 1.7
url:	http://www.ciac.org/ciac/bulletins/o-066.shtml	Trust: 1.7
url:	http://www.osvdb.org/3692	Trust: 1.7
url:	http://www.securitytracker.com/id?1008814	Trust: 1.7
url:	http://secunia.com/advisories/10696	Trust: 1.7
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a00801ede01.shtml	Trust: 1.6
url:	http://www.secunia.com/advisories/10696/	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/14900	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/14900	Trust: 0.6

sources: CERT/CC: VU#602734 // CERT/CC: VU#721092 // VULHUB: VHN-10190 // BID: 9468 // CNNVD: CNNVD-200401-057 // NVD: CVE-2004-1760

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200401-057

SOURCES

db:	CERT/CC	id:	VU#602734
db:	CERT/CC	id:	VU#721092
db:	VULHUB	id:	VHN-10190
db:	BID	id:	9468
db:	CNNVD	id:	CNNVD-200401-057
db:	NVD	id:	CVE-2004-1760

LAST UPDATE DATE

2024-08-14T13:40:23.304000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#602734	date:	2004-01-23T00:00:00
db:	CERT/CC	id:	VU#721092	date:	2004-01-23T00:00:00
db:	VULHUB	id:	VHN-10190	date:	2017-07-11T00:00:00
db:	BID	id:	9468	date:	2009-07-12T02:06:00
db:	CNNVD	id:	CNNVD-200401-057	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-1760	date:	2017-07-11T01:31:19.887

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#602734	date:	2004-01-22T00:00:00
db:	CERT/CC	id:	VU#721092	date:	2004-01-22T00:00:00
db:	VULHUB	id:	VHN-10190	date:	2004-01-21T00:00:00
db:	BID	id:	9468	date:	2004-01-21T00:00:00
db:	CNNVD	id:	CNNVD-200401-057	date:	2004-01-21T00:00:00
db:	NVD	id:	CVE-2004-1760	date:	2004-01-21T05:00:00