{"api_version":"1","generated_at":"2026-04-23T09:52:21+00:00","cve":"CVE-2002-1189","urls":{"html":"https://cve.report/CVE-2002-1189","api":"https://cve.report/api/cve/CVE-2002-1189.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2002-1189","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2002-1189"},"summary":{"title":"CVE-2002-1189","description":"The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding.","state":"PUBLISHED","assigner":"mitre","published_at":"2002-10-11 04:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.6","severity":"","vector":"AV:L/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml","name":"http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Cisco Security Advisory: Predefined Restriction Tables Allow Calls to International Operator","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/5896","name":"http://www.securityfocus.com/bid/5896","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Cisco Unity Default Restrictions International Operator Call Forwarding Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.iss.net/security_center/static/10282.php","name":"http://www.iss.net/security_center/static/10282.php","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"ISS X-Force Database: cisco-unity-insecure-configuration (10282): Cisco Unity insecure default configuration allows international operator calls using call forwarding","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2002-1189","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2002-1189","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2002","cve_id":"1189","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"cisco","cpe5":"unity_server","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"1189","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"cisco","cpe5":"unity_server","cpe6":"2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"1189","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"cisco","cpe5":"unity_server","cpe6":"2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"1189","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"cisco","cpe5":"unity_server","cpe6":"2.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"1189","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"cisco","cpe5":"unity_server","cpe6":"2.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"1189","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"cisco","cpe5":"unity_server","cpe6":"2.46","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"1189","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"cisco","cpe5":"unity_server","cpe6":"3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"1189","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"cisco","cpe5":"unity_server","cpe6":"3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T03:19:27.656Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"cisco-unity-insecure-configuration(10282)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"http://www.iss.net/security_center/static/10282.php"},{"name":"20021004 Predefined Restriction Tables Allow Calls to International Operator","tags":["vendor-advisory","x_refsource_CISCO","x_transferred"],"url":"http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml"},{"name":"5896","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/5896"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2002-10-04T00:00:00.000Z","descriptions":[{"lang":"en","value":"The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2003-02-26T10:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"cisco-unity-insecure-configuration(10282)","tags":["vdb-entry","x_refsource_XF"],"url":"http://www.iss.net/security_center/static/10282.php"},{"name":"20021004 Predefined Restriction Tables Allow Calls to International Operator","tags":["vendor-advisory","x_refsource_CISCO"],"url":"http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml"},{"name":"5896","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/5896"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2002-1189","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"cisco-unity-insecure-configuration(10282)","refsource":"XF","url":"http://www.iss.net/security_center/static/10282.php"},{"name":"20021004 Predefined Restriction Tables Allow Calls to International Operator","refsource":"CISCO","url":"http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml"},{"name":"5896","refsource":"BID","url":"http://www.securityfocus.com/bid/5896"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2002-1189","datePublished":"2004-09-01T04:00:00.000Z","dateReserved":"2002-10-04T00:00:00.000Z","dateUpdated":"2024-08-08T03:19:27.656Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2002-10-11 04:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:cisco:unity_server:2.0:*:*:*:*:*:*:*","matchCriteriaId":"A6659C2E-691B-47B8-9659-73FF4DEE3C19"},{"vulnerable":true,"criteria":"cpe:2.3:h:cisco:unity_server:2.1:*:*:*:*:*:*:*","matchCriteriaId":"C0317B33-20DC-4E57-8AFC-097FBC6067F4"},{"vulnerable":true,"criteria":"cpe:2.3:h:cisco:unity_server:2.2:*:*:*:*:*:*:*","matchCriteriaId":"D382C84D-C8F7-4257-B6C6-D00C595F6B63"},{"vulnerable":true,"criteria":"cpe:2.3:h:cisco:unity_server:2.3:*:*:*:*:*:*:*","matchCriteriaId":"6DF21240-6275-434F-B7C3-8CC029B9ABA2"},{"vulnerable":true,"criteria":"cpe:2.3:h:cisco:unity_server:2.4:*:*:*:*:*:*:*","matchCriteriaId":"8934A49D-9ABB-4B49-9B69-615B8CFFAF10"},{"vulnerable":true,"criteria":"cpe:2.3:h:cisco:unity_server:2.46:*:*:*:*:*:*:*","matchCriteriaId":"0E60BDFE-108B-4621-9B02-774AA844407B"},{"vulnerable":true,"criteria":"cpe:2.3:h:cisco:unity_server:3.0:*:*:*:*:*:*:*","matchCriteriaId":"856D99BB-1CB3-4A8D-9752-CC854829C65A"},{"vulnerable":true,"criteria":"cpe:2.3:h:cisco:unity_server:3.1:*:*:*:*:*:*:*","matchCriteriaId":"B13E26E7-8284-4B70-B51C-B3B96995094F"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2002","CveId":"1189","Ordinal":"1","Title":"CVE-2002-1189","CVE":"CVE-2002-1189","Year":"2002"},"notes":[{"CveYear":"2002","CveId":"1189","Ordinal":"1","NoteData":"The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding.","Type":"Description","Title":"CVE-2002-1189"},{"CveYear":"2002","CveId":"1189","Ordinal":"2","NoteData":"2004-09-01","Type":"Other","Title":"Published"},{"CveYear":"2002","CveId":"1189","Ordinal":"3","NoteData":"2003-02-26","Type":"Other","Title":"Modified"}]}}}