CVE-2008-2062 Information

Description

The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4 and 4.3 before 4.3(2)SR1 allows remote attackers to bypass authentication and obtain cluster configuration information and statistics via a direct TCP connection to the service port aka Bug ID CSCsq35151.

Reference

http://secunia.com/advisories/30848 http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml http://www.securityfocus.com/bid/29935 http://www.securitytracker.com/id?1020361 http://www.vupen.com/english/advisories/2008/1933/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43355