Cisco Identity Services Engine Database Default Credentials Security Bypass Vulnerability

Bugtraq ID: 49703
Class: Design Error
CVE: CVE-2011-3290
Remote: Yes
Local: No
Published: Sep 20 2011 12:00AM
Updated: Oct 03 2011 05:50PM
Credit: Andrey Ovrashko and Sergey Bondarenko of BMS Consulting.
Vulnerable: Cisco Identity Services Engine 1.0.4
+ Cisco Unity Server 4.0
+ Cisco Unity Server 3.3
+ Cisco Unity Server 3.2
+ Cisco Unity Server 3.1
+ Cisco Unity Server 3.0
+ Cisco Unity Server 2.46
+ Cisco Unity Server 2.4
+ Cisco Unity Server 2.3
+ Cisco Unity Server 2.2
+ Cisco Unity Server 2.1
+ Cisco Unity Server 2.0
+ Cisco Unity Server
Not Vulnerable: Cisco Identity Services Engine 1.0.4.MR2
+ Cisco Unity Server 4.0
+ Cisco Unity Server 3.3
+ Cisco Unity Server 3.2
+ Cisco Unity Server 3.1
+ Cisco Unity Server 3.0
+ Cisco Unity Server 2.46
+ Cisco Unity Server 2.4
+ Cisco Unity Server 2.3
+ Cisco Unity Server 2.2
+ Cisco Unity Server 2.1
+ Cisco Unity Server 2.0
+ Cisco Unity Server


 

Privacy Statement
Copyright 2010, SecurityFocus