CVE-2008-3814 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2008-3814

Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once.

Published: Oct 9, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-3814
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
cisco / unity	5.0	5.0.x
cisco / unity	4.0	4.0.x
cisco / unity	7.0(2)	7.0(2).x
cisco / unity	4.0(4)-sr1	4.0(4)-sr1.x
cisco / unity	5.0(1)	5.0(1).x
cisco / unity	4.0(3)	4.0(3).x
cisco / unity	4.1(1)	4.1(1).x
cisco / unity	4.0(2)	4.0(2).x
cisco / unity	4.0(5)	4.0(5).x
cisco / unity	4.2(1)	4.2(1).x
cisco / unity	4.0(4)	4.0(4).x
cisco / unity	4.0(3)-sr1	4.0(3)-sr1.x
cisco / unity	7.0	7.0.x
cisco / unity	4.0(1)	4.0(1).x