Sign-up

ID

VAR-200402-0012


CVE

CVE-2004-0044


TITLE

Cisco Systems  Cisco Personal Assistant  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2004-000757

DESCRIPTION

Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username. Cisco Systems Cisco Personal Assistant Exists in unspecified vulnerabilities.None. Remote attackers can exploit this vulnerability to change user parameters and configurations. This vulnerability exists only when the following conditions are true: 1. 2. This vulnerability does not affect users accessing Personal Assistant through the phone interface

Trust: 1.98

sources: NVD: CVE-2004-0044 // JVNDB: JVNDB-2004-000757 // BID: 9384 // VULHUB: VHN-8474

AFFECTED PRODUCTS

vendor:ciscomodel:personal assistantscope:eqversion:1.4\(2\)

Trust: 1.6

vendor:ciscomodel:personal assistantscope:eqversion:1.4\(1\)

Trust: 1.6

vendor:シスコシステムズmodel:cisco personal assistantscope:eqversion:1.4(2)

Trust: 0.8

vendor:シスコシステムズmodel:cisco personal assistantscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco personal assistantscope:eqversion:1.4(1)

Trust: 0.8

vendor:ciscomodel:personal assistantscope:eqversion:1.4(2)

Trust: 0.3

vendor:ciscomodel:personal assistantscope:eqversion:1.4(1)

Trust: 0.3

vendor:ciscomodel:personal assistantscope:neversion:1.3(4)

Trust: 0.3

vendor:ciscomodel:personal assistantscope:neversion:1.3(3)

Trust: 0.3

vendor:ciscomodel:personal assistantscope:neversion:1.3(2)

Trust: 0.3

vendor:ciscomodel:personal assistantscope:neversion:1.3(1)

Trust: 0.3

sources: BID: 9384 // JVNDB: JVNDB-2004-000757 // CNNVD: CNNVD-200402-025 // NVD: CVE-2004-0044

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-0044
value: HIGH

Trust: 1.0

NVD: CVE-2004-0044
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200402-025
value: HIGH

Trust: 0.6

VULHUB: VHN-8474
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2004-0044
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-8474
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-8474 // JVNDB: JVNDB-2004-000757 // CNNVD: CNNVD-200402-025 // NVD: CVE-2004-0044

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2004-000757 // NVD: CVE-2004-0044

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200402-025

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200402-025

EXTERNAL IDS

db:NVDid:CVE-2004-0044

Trust: 3.3

db:BIDid:9384

Trust: 2.8

db:OSVDBid:3430

Trust: 1.7

db:JVNDBid:JVNDB-2004-000757

Trust: 0.8

db:CNNVDid:CNNVD-200402-025

Trust: 0.7

db:XFid:14172

Trust: 0.6

db:CISCOid:20040108 CISCO PERSONAL ASSISTANT USER PASSWORD BYPASS VULNERABILITY

Trust: 0.6

db:VULHUBid:VHN-8474

Trust: 0.1

sources: VULHUB: VHN-8474 // BID: 9384 // JVNDB: JVNDB-2004-000757 // CNNVD: CNNVD-200402-025 // NVD: CVE-2004-0044

REFERENCES

url:http://www.securityfocus.com/bid/9384

Trust: 2.5

url:http://www.cisco.com/warp/public/707/cisco-sa-20040108-pa.shtml

Trust: 2.5

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/14172

Trust: 1.9

url:http://www.osvdb.org/3430

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2004-0044

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/14172

Trust: 0.6

sources: VULHUB: VHN-8474 // JVNDB: JVNDB-2004-000757 // CNNVD: CNNVD-200402-025 // NVD: CVE-2004-0044

CREDITS

Cisco Security Advisory

Trust: 0.6

sources: CNNVD: CNNVD-200402-025

SOURCES

db:VULHUBid:VHN-8474
db:BIDid:9384
db:JVNDBid:JVNDB-2004-000757
db:CNNVDid:CNNVD-200402-025
db:NVDid:CVE-2004-0044

LAST UPDATE DATE

2024-08-14T15:20:18.082000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-8474date:2017-10-10T00:00:00
db:BIDid:9384date:2004-01-08T00:00:00
db:JVNDBid:JVNDB-2004-000757date:2024-05-29T05:30:00
db:CNNVDid:CNNVD-200402-025date:2005-10-12T00:00:00
db:NVDid:CVE-2004-0044date:2017-10-10T01:30:16.640

SOURCES RELEASE DATE

db:VULHUBid:VHN-8474date:2004-02-03T00:00:00
db:BIDid:9384date:2004-01-08T00:00:00
db:JVNDBid:JVNDB-2004-000757date:2024-05-29T00:00:00
db:CNNVDid:CNNVD-200402-025date:2004-01-08T00:00:00
db:NVDid:CVE-2004-0044date:2004-02-03T05:00:00