CVE-2008-4543
https://notcve.org/view.php?id=CVE-2008-4543
Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections. Cisco Unity v4.x anteriores a v4.2(1)ES161, 5.x anteriores a v5.0(1)ES53, y v7.x anteriores a v7.0(2)ES8, cuando utilizan autentificación anónima (también conocida como autenticación nativa Unity), permite a atacantes remotos provocar una denegación de servicio (agotamiento de sesión) a través de un gran número de conexiones. • http://secunia.com/advisories/32187 http://securitytracker.com/id?1021013 http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html http://www.securityfocus.com/bid/31642 http://www.voipshield.com/research-details.php?id=128 http://www.vupen.com/english/advisories/2008/2771 https://exchange.xforce.ibmcloud.com/vulnerabilities/45743 • CWE-399: Resource Management Errors •
CVE-2008-4545
https://notcve.org/view.php?id=CVE-2008-4545
Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8 uses weak permissions for the D:\CommServer\Reports directory, which allows remote authenticated users to obtain sensitive information by reading files in this directory. Cisco Unity v4.x anteriores a v4.2(1)ES161, v5.x anteriores a v5.0(1)ES53, and v7.x anteriores a v7.0(2)ES8 usa permisos débiles para el directorio D:\CommServer\Reports directory, lo que permite a usuarios remotos autentificados conseguir información sensible, leyendo ficheros en este directorio. • http://secunia.com/advisories/32187 http://securitytracker.com/id?1021022 http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html http://www.securityfocus.com/bid/31642 http://www.voipshield.com/research-details.php?id=130 http://www.vupen.com/english/advisories/2008/2771 https://exchange.xforce.ibmcloud.com/vulnerabilities/45742 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-3814
https://notcve.org/view.php?id=CVE-2008-3814
Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once. Una vulnerabilidad no especificada en Unity de Cisco versiones 4.x anteriores a 4.2 (1) ES161, versiones 5.x anteriores a 5.0 (1) ES53 y versiones 7.x anteriores 7.0 (2) ES8, cuando utiliza autenticación anónima (también conocida como autenticación Unity nativa), permite a los atacantes remotos omitir la autenticación y leer o modificar los parámetros de configuración del sistema yendo hacia un enlace específico más de una vez. • http://secunia.com/advisories/32187 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0d85f.shtml http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html http://www.securityfocus.com/bid/31638 http://www.securityfocus.com/bid/31642 http://www.securitytracker.com/id?1021011 http://www.voipshield.com/research-details.php?id=126 http://www.vupen.com/english/advisories/2008/2771 https://exchange.xforce.ibmcloud.com/vulnerabilities/45741 • CWE-287: Improper Authentication •