{"api_version":"1","generated_at":"2026-04-23T09:51:08+00:00","cve":"CVE-2004-0044","urls":{"html":"https://cve.report/CVE-2004-0044","api":"https://cve.report/api/cve/CVE-2004-0044.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2004-0044","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2004-0044"},"summary":{"title":"CVE-2004-0044","description":"Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when \"Allow Only Cisco CallManager Users\" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username.","state":"PUBLISHED","assigner":"mitre","published_at":"2004-02-03 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.osvdb.org/3430","name":"http://www.osvdb.org/3430","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.cisco.com/warp/public/707/cisco-sa-20040108-pa.shtml","name":"http://www.cisco.com/warp/public/707/cisco-sa-20040108-pa.shtml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Cisco - Networking, Cloud, and Cybersecurity Solutions","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/9384","name":"http://www.securityfocus.com/bid/9384","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Cisco Personal Assistant Web Interface User Password Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/14172","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/14172","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2004-0044","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2004-0044","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2004","cve_id":"44","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"personal_assistant","cpe6":"1.4\\(1\\)","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"44","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"personal_assistant","cpe6":"1.4\\(2\\)","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T00:01:23.641Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"ciscopersonalassistant-config-file-access(14172)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/14172"},{"name":"20040108 Cisco Personal Assistant User Password Bypass Vulnerability","tags":["vendor-advisory","x_refsource_CISCO","x_transferred"],"url":"http://www.cisco.com/warp/public/707/cisco-sa-20040108-pa.shtml"},{"name":"3430","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/3430"},{"name":"9384","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/9384"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2004-01-08T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when \"Allow Only Cisco CallManager Users\" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2007-11-13T00:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"ciscopersonalassistant-config-file-access(14172)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/14172"},{"name":"20040108 Cisco Personal Assistant User Password Bypass Vulnerability","tags":["vendor-advisory","x_refsource_CISCO"],"url":"http://www.cisco.com/warp/public/707/cisco-sa-20040108-pa.shtml"},{"name":"3430","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/3430"},{"name":"9384","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/9384"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2004-0044","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when \"Allow Only Cisco CallManager Users\" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"ciscopersonalassistant-config-file-access(14172)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/14172"},{"name":"20040108 Cisco Personal Assistant User Password Bypass Vulnerability","refsource":"CISCO","url":"http://www.cisco.com/warp/public/707/cisco-sa-20040108-pa.shtml"},{"name":"3430","refsource":"OSVDB","url":"http://www.osvdb.org/3430"},{"name":"9384","refsource":"BID","url":"http://www.securityfocus.com/bid/9384"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2004-0044","datePublished":"2004-09-01T04:00:00.000Z","dateReserved":"2004-01-12T00:00:00.000Z","dateUpdated":"2024-08-08T00:01:23.641Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2004-02-03 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:personal_assistant:1.4\\(1\\):*:*:*:*:*:*:*","matchCriteriaId":"131ABD48-89ED-45B9-865B-20AF3631BA6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:personal_assistant:1.4\\(2\\):*:*:*:*:*:*:*","matchCriteriaId":"0BC18EEF-1DA5-402A-9C22-BCF287F2D501"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2004","CveId":"44","Ordinal":"1","Title":"CVE-2004-0044","CVE":"CVE-2004-0044","Year":"2004"},"notes":[{"CveYear":"2004","CveId":"44","Ordinal":"1","NoteData":"Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when \"Allow Only Cisco CallManager Users\" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username.","Type":"Description","Title":"CVE-2004-0044"},{"CveYear":"2004","CveId":"44","Ordinal":"2","NoteData":"2004-09-01","Type":"Other","Title":"Published"},{"CveYear":"2004","CveId":"44","Ordinal":"3","NoteData":"2007-11-12","Type":"Other","Title":"Modified"}]}}}