CVE-2004-1760 [Critical] | Authentication Bypass in Emergency Responder

The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	10.09%	3.80%	-6.29%
2	2026-02-02	11.91%	10.09%	-1.81%
3	2025-12-30	—	11.91%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

10.09%

3.80%

-6.29%

2026-02-02

11.91%

10.09%

-1.81%

2025-12-30

—

11.91%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
10.0	2.0	HIGH	`AV:N/AC:L/Au:N/C:C/I:C/A:C` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:C) Complete integrity impact. Availability impact (A:C) Complete availability impact.	10.0	10.0	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

10.0

2.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:C): Complete confidentiality impact.
Integrity impact (I:C): Complete integrity impact.
Availability impact (A:C): Complete availability impact.

10.0

[email protected]

Affected software / configurations for CVE-2004-1760

Vendor	Product	Version	Raw CPE
cisco	emergency_responder	1.1	cpe:2.3:a:cisco:emergency_responder:1.1:::::::*
cisco	ip_call_center_express_enhanced	3.0	cpe:2.3:a:cisco:ip_call_center_express_enhanced:3.0:::::::*
cisco	ip_call_center_express_standard	3.0	cpe:2.3:a:cisco:ip_call_center_express_standard:3.0:::::::*
cisco	ip_interactive_voice_response	3.0	cpe:2.3:a:cisco:ip_interactive_voice_response:3.0:::::::*
cisco	personal_assistant	1.3\(1\)	cpe:2.3:a:cisco:personal_assistant:1.3\(1\):::::::*
cisco	personal_assistant	1.3\(2\)	cpe:2.3:a:cisco:personal_assistant:1.3\(2\):::::::*
cisco	personal_assistant	1.3\(3\)	cpe:2.3:a:cisco:personal_assistant:1.3\(3\):::::::*
cisco	personal_assistant	1.3\(4\)	cpe:2.3:a:cisco:personal_assistant:1.3\(4\):::::::*
cisco	personal_assistant	1.4\(1\)	cpe:2.3:a:cisco:personal_assistant:1.4\(1\):::::::*
cisco	personal_assistant	1.4\(2\)	cpe:2.3:a:cisco:personal_assistant:1.4\(2\):::::::*
ibm	director_agent	2.2	cpe:2.3:a:ibm:director_agent:2.2:::::::*
ibm	director_agent	3.11	cpe:2.3:a:ibm:director_agent:3.11:::::::*
cisco	call_manager	1.0	cpe:2.3:h:cisco:call_manager:1.0:::::::*
cisco	call_manager	2.0	cpe:2.3:h:cisco:call_manager:2.0:::::::*
cisco	call_manager	3.0	cpe:2.3:h:cisco:call_manager:3.0:::::::*
cisco	call_manager	3.1	cpe:2.3:h:cisco:call_manager:3.1:::::::*
cisco	call_manager	3.1\(2\)	cpe:2.3:h:cisco:call_manager:3.1\(2\):::::::*
cisco	call_manager	3.1\(3a\)	cpe:2.3:h:cisco:call_manager:3.1\(3a\):::::::*
cisco	call_manager	3.2	cpe:2.3:h:cisco:call_manager:3.2:::::::*
cisco	call_manager	3.3	cpe:2.3:h:cisco:call_manager:3.3:::::::*
cisco	call_manager	3.3\(3\)	cpe:2.3:h:cisco:call_manager:3.3\(3\):::::::*
cisco	call_manager	4.0	cpe:2.3:h:cisco:call_manager:4.0:::::::*
cisco	internet_service_node	—	cpe:2.3:h:cisco:internet_service_node::::::::
cisco	conference_connection	1.1\(1\)	cpe:2.3:o:cisco:conference_connection:1.1\(1\):::::::*
cisco	conference_connection	1.2	cpe:2.3:o:cisco:conference_connection:1.2:::::::*
ibm	mcs-7815-1000	—	cpe:2.3:h:ibm:mcs-7815-1000::::::::
ibm	mcs-7815i-2.0	—	cpe:2.3:h:ibm:mcs-7815i-2.0::::::::
ibm	mcs-7835i-2.4	—	cpe:2.3:h:ibm:mcs-7835i-2.4::::::::
ibm	mcs-7835i-3.0	—	cpe:2.3:h:ibm:mcs-7835i-3.0::::::::
ibm	x330	8654	cpe:2.3:h:ibm:x330:8654:::::::*
ibm	x330	8674	cpe:2.3:h:ibm:x330:8674:::::::*
ibm	x340	—	cpe:2.3:h:ibm:x340::::::::
ibm	x342	—	cpe:2.3:h:ibm:x342::::::::
ibm	x345	—	cpe:2.3:h:ibm:x345::::::::

References for CVE-2004-1760

URL	Tags
http://secunia.com/advisories/10696	Patch Vendor Advisory
http://www.ciac.org/ciac/bulletins/o-066.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/602734	Patch Third Party Advisory US Government Resource
http://www.osvdb.org/3692
http://www.securityfocus.com/bid/9468	Patch Vendor Advisory
http://www.securitytracker.com/id?1008814
https://exchange.xforce.ibmcloud.com/vulnerabilities/14900

URL

CVE-2004-1760

Exploit prediction scoring system (EPSS) score for CVE-2004-1760

Common vulnerability scoring system (CVSS) metrics for CVE-2004-1760

Weakness enumeration for CVE-2004-1760

Affected software / configurations for CVE-2004-1760

References for CVE-2004-1760