CVE-2008-3814

Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once.

Link	Resource
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0d85f.shtml	Patch Vendor Advisory
http://www.securityfocus.com/bid/31642
http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html	Patch Vendor Advisory
http://www.voipshield.com/research-details.php?id=126
http://secunia.com/advisories/32187	Vendor Advisory
http://www.securitytracker.com/id?1021011
http://www.securityfocus.com/bid/31638
http://www.vupen.com/english/advisories/2008/2771	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45741

Configuration 1

cpe:2.3:a:cisco:unity:5.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:unity:4.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:unity:7.0(2):*:*:*:*:*:*:* cpe:2.3:a:cisco:unity:4.0(4):sr1:*:*:*:*:*:* cpe:2.3:a:cisco:unity:5.0(1):*:*:*:*:*:*:* cpe:2.3:a:cisco:unity:4.0(3):*:*:*:*:*:*:* cpe:2.3:a:cisco:unity:4.1(1):*:*:*:*:*:*:* cpe:2.3:a:cisco:unity:4.0(2):*:*:*:*:*:*:* cpe:2.3:a:cisco:unity:4.0(5):*:*:*:*:*:*:* cpe:2.3:a:cisco:unity:4.2(1):*:*:*:*:*:*:* cpe:2.3:a:cisco:unity:4.0(4):*:*:*:*:*:*:* cpe:2.3:a:cisco:unity:4.0(3):sr1:*:*:*:*:*:* cpe:2.3:a:cisco:unity:7.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:unity:4.0(1):*:*:*:*:*:*:*

---

Published : 2008-10-08 10:00

Updated : 2017-08-08 01:32

---

NVD link : CVE-2008-3814

Mitre link : CVE-2008-3814

No products.

CWE-287