National Cyber Awareness System

Vulnerability Summary for CVE-2008-4545

Overview

Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8 uses weak permissions for the D:\CommServer\Reports directory, which allows remote authenticated users to obtain sensitive information by reading files in this directory.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: XF

Name: unityserver-reports-information-disclosure(45742)

Hyperlink:http://xforce.iss.net/xforce/xfdb/45742

External Source: VUPEN

Name: ADV-2008-2771

Hyperlink:http://www.vupen.com/english/advisories/2008/2771

External Source: MISC

Name: http://www.voipshield.com/research-details.php?id=130

Hyperlink:http://www.voipshield.com/research-details.php?id=130

External Source: BID

Name: 31642

Hyperlink:http://www.securityfocus.com/bid/31642

External Source: CISCO

Name: 20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server

Type: Advisory

Hyperlink:http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html

External Source: SECTRACK

Name: 1021022

Hyperlink:http://securitytracker.com/id?1021022

External Source: SECUNIA

Name: 32187

Type: Advisory

Hyperlink:http://secunia.com/advisories/32187