Cisco Voice Product IBM Director Agent Unauthorized Remote Administrative Access Vulnerability
BID:9468
Info
Cisco Voice Product IBM Director Agent Unauthorized Remote Administrative Access Vulnerability
| Bugtraq ID: | 9468 |
| Class: | Access Validation Error |
| CVE: |
CVE-2004-1760 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 21 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | This issue was announced by Cisco. |
| Vulnerable: |
IBM X345 IBM X342 IBM X340 IBM X330 8674 IBM X330 8654 IBM MCS-7835I-3.0 IBM MCS-7815I-2.0 IBM MCS-7815-1000 IBM Director Agent 3.11 IBM Director Agent 2.2 Cisco Personal Assistant 1.4 (2) Cisco Personal Assistant 1.4 (1) Cisco Personal Assistant 1.3 (4) Cisco Personal Assistant 1.3 (3) Cisco Personal Assistant 1.3 (2) Cisco Personal Assistant 1.3 (1) Cisco IP Interactive Voice Response (IP IVR) 3.0 Cisco IP Call Center Express (IPCC Express) Standard 3.0 Cisco IP Call Center Express (IPCC Express) Enhanced 3.0 Cisco Internet Service Node Cisco Emergency Responder 1.1 Cisco Conference Connection 1.2 Cisco Conference Connection 1.1 (1) Cisco Call Manager 4.0 Cisco Call Manager 3.3 (3) Cisco Call Manager 3.3 Cisco Call Manager 3.2 Cisco Call Manager 3.1 (3a) Cisco Call Manager 3.1 (2) Cisco Call Manager 3.1 Cisco Call Manager 3.0 Cisco Call Manager 2.0 Cisco Call Manager 1.0 |
| Not Vulnerable: | |
Discussion
Cisco Voice Product IBM Director Agent Unauthorized Remote Administrative Access Vulnerability
IBM Director agents installed with Cisco voice products on IBM servers are prone to a vulnerability that could permit remote attackers to gain unauthorized administrative access. This could be exploited by any Director Server/Console agent that can connect to the administrative port.
Administrative access will permit the attacker to take various malicious actions, including remote command execution, reconfiguration and stopping/starting services.
IBM Director agents installed with Cisco voice products on IBM servers are prone to a vulnerability that could permit remote attackers to gain unauthorized administrative access. This could be exploited by any Director Server/Console agent that can connect to the administrative port.
Administrative access will permit the attacker to take various malicious actions, including remote command execution, reconfiguration and stopping/starting services.
Exploit / POC
Cisco Voice Product IBM Director Agent Unauthorized Remote Administrative Access Vulnerability
There is no exploit required.
There is no exploit required.
Solution / Fix
Cisco Voice Product IBM Director Agent Unauthorized Remote Administrative Access Vulnerability
Solution:
Cisco has released an repair script to address this issue by disabling access to the exposed ports. The script is available at the following location:
http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des
Further details are also provided in the attached Cisco advisory.
Solution:
Cisco has released an repair script to address this issue by disabling access to the exposed ports. The script is available at the following location:
http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des
Further details are also provided in the attached Cisco advisory.
References
Cisco Voice Product IBM Director Agent Unauthorized Remote Administrative Access Vulnerability
References:
References: