CVE-2008-4545

Published Oct 13, 2008

Last updated 7 years ago

Overview

Description: Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8 uses weak permissions for the D:\CommServer\Reports directory, which allows remote authenticated users to obtain sensitive information by reading files in this directory.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0008B2C-C3EF-4C4F-AE0F-BFC2C373D68B",
            "versionEndIncluding": "4.2\\(1\\)"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDD69DB2-FD94-403D-BD18-A25FD470C817",
            "versionEndIncluding": "5.0\\(1\\)"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "049041BD-EBC5-4971-BD51-DD63EFB2F430",
            "versionEndIncluding": "7.0\\(2\\)"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7069DF8-3006-4651-816A-855C980256FA"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity:4.0\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDE9975D-17B0-4EC8-8278-A715F4BF14F4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity:4.0\\(2\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9555A7EC-C0B6-4F48-99BE-BCE51446CF47"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity:4.0\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16F3E72C-FF4B-425E-A8FB-C1C4BEDDB019"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity:4.0\\(3\\):sr2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6871C23B-9B4F-4621-A1C9-55D040558610"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity:4.0\\(4\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A164F687-98DB-409D-A9C4-D04ECF6DD53F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity:4.0\\(4\\):sr1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "255CAB12-EE1D-4DC3-B854-E0D645F4C9B8"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity:4.0\\(5\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A9BA9FD-99EC-4571-ACE8-2EFD13EFEBC5"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity:4.1\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B746D68B-C6A4-494C-9302-F4652E1E2A13"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20DAD5D8-6882-48FE-AE7A-9440F47F6C2A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unity:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EED32D3-A1C5-430C-8488-4D221196CB76"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References