var-200507-0194
Vulnerability from variot
The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger a memory allocation failure and lead to a buffer overflow. The CallManager aupair service is susceptible to an unspecified remote buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer. This issue is documented in Cisco bug CSCsa75554, which is available to Cisco customers. This vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in crashing the affected process, denying service to legitimate users. This issue was originally documented in BID 14227. Cisco CallManager (CCM) is a set of call processing components based on the Cisco Unified Communications solution of Cisco
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200507-0194",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "call manager",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(3)"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(2)"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "call manager sr1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "call manager es07",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "call manager es33",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "call manager sr2b",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "call manager es40",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "call manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(5)"
},
{
"model": "call manager es25",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "call manager es61",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
}
],
"sources": [
{
"db": "BID",
"id": "14255"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-147"
},
{
"db": "NVD",
"id": "CVE-2005-2244"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mark Dowd, Mike Lynn, David Maynor, Neel Mehta, and Alex Wheeler of ISS X-Force are credited with the discovery and research of this vulnerability.",
"sources": [
{
"db": "BID",
"id": "14255"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-147"
}
],
"trust": 0.9
},
"cve": "CVE-2005-2244",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2005-2244",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-13453",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-2244",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200507-147",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-13453",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13453"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-147"
},
{
"db": "NVD",
"id": "CVE-2005-2244"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger a memory allocation failure and lead to a buffer overflow. The CallManager aupair service is susceptible to an unspecified remote buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer. \nThis issue is documented in Cisco bug CSCsa75554, which is available to Cisco customers. \nThis vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in crashing the affected process, denying service to legitimate users. \nThis issue was originally documented in BID 14227. Cisco CallManager (CCM) is a set of call processing components based on the Cisco Unified Communications solution of Cisco",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2244"
},
{
"db": "BID",
"id": "14255"
},
{
"db": "VULHUB",
"id": "VHN-13453"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "14255",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2005-2244",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200507-147",
"trust": 0.7
},
{
"db": "XF",
"id": "19053",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20050712 CISCO CALLMANAGER MEMORY HANDLING VULNERABILITIES",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-13453",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13453"
},
{
"db": "BID",
"id": "14255"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-147"
},
{
"db": "NVD",
"id": "CVE-2005-2244"
}
]
},
"id": "VAR-200507-0194",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-13453"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:57:56.716000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2244"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/14255"
},
{
"trust": 1.7,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19053"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/19053"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/products_security_advisory09186a00804c0c26.shtml"
},
{
"trust": 0.3,
"url": "http://xforce.iss.net/xforce/alerts/id/200"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13453"
},
{
"db": "BID",
"id": "14255"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-147"
},
{
"db": "NVD",
"id": "CVE-2005-2244"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-13453"
},
{
"db": "BID",
"id": "14255"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-147"
},
{
"db": "NVD",
"id": "CVE-2005-2244"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-07-12T00:00:00",
"db": "VULHUB",
"id": "VHN-13453"
},
{
"date": "2005-07-12T00:00:00",
"db": "BID",
"id": "14255"
},
{
"date": "2005-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200507-147"
},
{
"date": "2005-07-12T04:00:00",
"db": "NVD",
"id": "CVE-2005-2244"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-13453"
},
{
"date": "2005-07-12T00:00:00",
"db": "BID",
"id": "14255"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200507-147"
},
{
"date": "2024-11-20T23:59:07.170000",
"db": "NVD",
"id": "CVE-2005-2244"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200507-147"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco CallManager aupair.exe Buffer overflow vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200507-147"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200507-147"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…