1.4(2)

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

cisco

NVD

Published: 2004-02-03

Updated: 2017-10-10

Summary

Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Personal Assistant 1.4\(1\) Cisco Personal Assistant 1.4\(2\)	2

References

http://www.cisco.com/warp/public/707/cisco-sa-20040108-pa.shtml
http://www.osvdb.org/3430
http://www.securityfocus.com/bid/9384
https://exchange.xforce.ibmcloud.com/vulnerabilities/14172