Vulnerability Name:

CVE-2004-1760 (CCN-14900)

Assigned: 2004-01-21
Published: 2004-01-21
Updated: 2017-07-11
Summary: The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-287
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2004-1760

Source: CCN
Type: SA10696
Cisco Voice Products Director Agent Insecure Default Installation

Source: SECUNIA
Type: Patch, Vendor Advisory
10696

Source: CCN
Type: SECTRACK ID: 1008814
Cisco Personal Assistant Default Configuration on IBM Servers Grants Administrative Access to Remote Users

Source: CCN
Type: CIAC Information Bulletin O-066
Voice Product Vulnerabilities on IBM Servers

Source: CIAC
Type: UNKNOWN
O-066

Source: CCN
Type: Cisco Systems Inc. Security Advisory, 2004 January 21 UTC 1700 (GMT)
Voice Product Vulnerabilities on IBM Servers

Source: CISCO
Type: Patch, Vendor Advisory
20040121 Voice Product Vulnerabilities on IBM Servers

Source: CCN
Type: US-CERT VU#602734
Cisco default install of IBM Director agent fails to authenticate users for remote administration

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#602734

Source: OSVDB
Type: UNKNOWN
3692

Source: CCN
Type: OSVDB ID: 3692
Cisco Voice Products Director Agent Insecure Default Installation

Source: BID
Type: Patch, Vendor Advisory
9468

Source: CCN
Type: BID-9468
Cisco Voice Product IBM Director Agent Unauthorized Remote Administrative Access Vulnerability

Source: SECTRACK
Type: UNKNOWN
1008814

Source: XF
Type: UNKNOWN
ciscovoice-ibmservers-admin-access(14900)

Vulnerable Configuration:
  • Configuration 1:
  • cpe:/a:cisco:emergency_responder:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:ip_call_center_express_enhanced:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:ip_call_center_express_standard:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:ip_interactive_voice_response:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:personal_assistant:1.3(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:personal_assistant:1.3(2):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:personal_assistant:1.3(3):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:personal_assistant:1.3(4):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:personal_assistant:1.4(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:personal_assistant:1.4(2):*:*:*:*:*:*:*
  • OR cpe:/a:ibm:director_agent:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:director_agent:3.11:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:1.0:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:2.0:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:3.0:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:3.1:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:3.1(2):*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:3.1(3a):*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:3.2:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:3.3:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:3.3(3):*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:4.0:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:internet_service_node:*:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:cisco:conference_connection:1.1(1):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:conference_connection:1.2:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/h:ibm:mcs-7815-1000:*:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:mcs-7815i-2.0:*:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:mcs-7835i-2.4:*:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:mcs-7835i-3.0:*:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:x330:8654:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:x330:8674:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:x340:*:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:x342:*:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:x345:*:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:cisco:personal_assistant:1.4(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:personal_assistant:1.4(2):*:*:*:*:*:*:*
  • OR cpe:/h:cisco:internet_service_node:*:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:emergency_responder:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:ip_call_center_express_enhanced:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:ip_call_center_express_standard:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:ip_interactive_voice_response:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:personal_assistant:1.3(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:personal_assistant:1.3(2):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:personal_assistant:1.3(3):*:*:*:*:*:*:*
  • OR cpe:/a:ibm:director_agent:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:director_agent:3.11:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:mcs-7815-1000:*:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:mcs-7815i-2.0:*:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:mcs-7835i-2.4:*:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:mcs-7835i-3.0:*:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:x340:*:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:x342:*:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:x345:*:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:conference_connection:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:personal_assistant:1.3(4):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:conference_connection:1.1(1):*:*:*:*:*:*:*
  • OR cpe:/h:ibm:x330:8674:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:x330:8654:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    cisco emergency responder 1.1
    cisco ip call center express enhanced 3.0
    cisco ip call center express standard 3.0
    cisco ip interactive voice response 3.0
    cisco personal assistant 1.3(1)
    cisco personal assistant 1.3(2)
    cisco personal assistant 1.3(3)
    cisco personal assistant 1.3(4)
    cisco personal assistant 1.4(1)
    cisco personal assistant 1.4(2)
    ibm director agent 2.2
    ibm director agent 3.11
    cisco call manager 1.0
    cisco call manager 2.0
    cisco call manager 3.0
    cisco call manager 3.1
    cisco call manager 3.1(2)
    cisco call manager 3.1(3a)
    cisco call manager 3.2
    cisco call manager 3.3
    cisco call manager 3.3(3)
    cisco call manager 4.0
    cisco internet service node *
    cisco conference connection 1.1(1)
    cisco conference connection 1.2
    ibm mcs-7815-1000 *
    ibm mcs-7815i-2.0 *
    ibm mcs-7835i-2.4 *
    ibm mcs-7835i-3.0 *
    ibm x330 8654
    ibm x330 8674
    ibm x340 *
    ibm x342 *
    ibm x345 *
    cisco personal assistant 1.4(1)
    cisco personal assistant 1.4(2)
    cisco internet service node *
    cisco emergency responder 1.1
    cisco ip call center express enhanced 3.0
    cisco ip call center express standard 3.0
    cisco ip interactive voice response 3.0
    cisco personal assistant 1.3(1)
    cisco personal assistant 1.3(2)
    cisco personal assistant 1.3(3)
    ibm director agent 2.2
    ibm director agent 3.11
    ibm mcs-7815-1000 *
    ibm mcs-7815i-2.0 *
    ibm mcs-7835i-2.4 *
    ibm mcs-7835i-3.0 *
    ibm x340 *
    ibm x342 *
    ibm x345 *
    cisco conference connection 1.2
    cisco personal assistant 1.3(4)
    cisco conference connection 1.1(1)
    ibm x330 8674
    ibm x330 8654