var-200607-0355
Vulnerability from variot
Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows remote attackers to execute arbitrary code via a long hostname in a SIP request, aka bug CSCsd96542. Cisco Unified CallManager is susceptible to multiple remote vulnerabilities. Cisco Unified CallManager is the software-based call-processing component of the Cisco IP telephony solution. Cisco Unified CallManager supports both SCCP and SIP telephony, which allows migration to SIP while still protecting investments in existing equipment.
TITLE: Cisco Unified CallManager Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA21030
VERIFY ADVISORY: http://secunia.com/advisories/21030/
CRITICAL: Highly critical
IMPACT: Privilege escalation, DoS, System access
WHERE: From remote
SOFTWARE: Cisco Unified CallManager 5.x http://secunia.com/product/11019/
DESCRIPTION: Some vulnerabilities have been reported in Cisco Unified CallManager, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
1) Errors in various CLI commands can be exploited by an authenticated administrator to break out of the CLI environment and execute arbitrary Linux commands with root privileges.
2) An unspecified error makes it possible for an authenticated administrator to overwrite arbitrary files or folders with output of CLI commands.
Successful exploitation causes a DoS or allows execution of arbitrary code.
The vulnerabilities have been reported in versions 5.0(1), 5.0(2), 5.0(3), and 5.0(3a).
SOLUTION: Update to version 5.0(4) or later.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200607-0355", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "unified callmanager", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "5.0\\(1\\)" }, { "model": "unified callmanager", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "5.0\\(2\\)" }, { "model": "unified callmanager", "scope": "eq", "trust": 1.6, "vendor": "cisco", 
"version": "5.0\\(3a\\)" }, { "model": "unified callmanager", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "5.0\\(3\\)" }, { "model": "unified callmanager", "scope": "eq", "trust": 0.8, "vendor": "cisco", "version": "5.0(1) to 5.0(3a)" }, { "model": "unified callmanager 5.0", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified callmanager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.0(3)" }, { "model": "unified callmanager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.0(2)" }, { "model": "unified callmanager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.0(1)" }, { "model": "unified callmanager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0(4)" } ], "sources": [ { "db": "BID", "id": "18952" }, { "db": "JVNDB", "id": "JVNDB-2006-002754" }, { "db": "CNNVD", "id": "CNNVD-200607-261" }, { "db": "NVD", "id": "CVE-2006-3594" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:cisco:unified_callmanager", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2006-002754" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco Security bulletin", "sources": [ { "db": "CNNVD", "id": "CNNVD-200607-261" } ], "trust": 0.6 }, "cve": "CVE-2006-3594", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2006-3594", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-19702", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2006-3594", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2006-3594", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-200607-261", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-19702", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-19702" }, { "db": "JVNDB", "id": "JVNDB-2006-002754" }, { "db": "CNNVD", "id": "CNNVD-200607-261" }, { "db": "NVD", "id": "CVE-2006-3594" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in Cisco Unified 
CallManager (CUCM) 5.0(1) through 5.0(3a) allows remote attackers to execute arbitrary code via a long hostname in a SIP request, aka bug CSCsd96542. Cisco Unified CallManager is susceptible to multiple remote vulnerabilities. Cisco Unified CallManager is the software-based call-processing component of the Cisco IP telephony solution. Cisco Unified CallManager supports both SCCP and SIP telephony, which allows migration to SIP while still protecting investments in existing equipment. \n\n----------------------------------------------------------------------\n\nHardcore Disassembler / Reverse Engineer Wanted!\n\nWant to work with IDA and BinDiff?\nWant to write PoC\u0027s and Exploits?\n\nYour nationality is not important. \nWe will get you a work permit, find an apartment, and offer a\nrelocation compensation package. \n\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco Unified CallManager Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA21030\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21030/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nPrivilege escalation, DoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nCisco Unified CallManager 5.x\nhttp://secunia.com/product/11019/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Cisco Unified CallManager,\nwhich can be exploited by malicious, local users to gain escalated\nprivileges or by malicious people to cause a DoS (Denial of Service)\nor compromise a vulnerable system. \n\n1) Errors in various CLI commands can be exploited by an\nauthenticated administrator to break out of the CLI environment and\nexecute arbitrary Linux commands with root privileges. \n\n2) An unspecified error makes it possible to for an authenticated\nadministrator to overwrite arbitrary files or folders with output of\nCLI commands. \n\nSuccessful exploitation causes a DoS or allows execution of arbitrary\ncode. 
\n\nThe vulnerabilities have been reported in versions 5.0(1), 5.0(2),\n5.0(3), and 5.0(3a). \n\nSOLUTION:\nUpdate to version 5.0(4) or later. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2006-3594" }, { "db": "JVNDB", "id": "JVNDB-2006-002754" }, { "db": "BID", "id": "18952" }, { "db": "VULHUB", "id": "VHN-19702" }, { "db": "PACKETSTORM", "id": "48213" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2006-3594", "trust": 2.8 }, { "db": "BID", "id": "18952", "trust": 2.0 }, { "db": "SECUNIA", "id": "21030", "trust": 1.8 }, { "db": "SECTRACK", "id": "1016475", "trust": 1.7 }, { "db": "OSVDB", "id": "27162", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2006-2774", "trust": 1.7 }, { 
"db": "JVNDB", "id": "JVNDB-2006-002754", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200607-261", "trust": 0.7 }, { "db": "CISCO", "id": "20060712 MULTIPLE CISCO UNIFIED CALLMANAGER VULNERABILITIES", "trust": 0.6 }, { "db": "XF", "id": "27691", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-19702", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "48213", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-19702" }, { "db": "BID", "id": "18952" }, { "db": "JVNDB", "id": "JVNDB-2006-002754" }, { "db": "PACKETSTORM", "id": "48213" }, { "db": "CNNVD", "id": "CNNVD-200607-261" }, { "db": "NVD", "id": "CVE-2006-3594" } ] }, "id": "VAR-200607-0355", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-19702" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:20:00.400000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20060712-cucm", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20060712-cucm" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2006-002754" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2006-3594" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.1, "url": 
"http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/18952" }, { "trust": 1.7, "url": "http://www.osvdb.org/27162" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1016475" }, { "trust": 1.7, "url": "http://secunia.com/advisories/21030" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2006/2774" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27691" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3594" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3594" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/27691" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2006/2774" }, { "trust": 0.3, "url": "http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/21030/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/" }, { "trust": 0.1, "url": "http://secunia.com/product/11019/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-19702" }, { "db": "BID", "id": "18952" }, { "db": "JVNDB", "id": "JVNDB-2006-002754" }, { "db": "PACKETSTORM", "id": "48213" }, { "db": "CNNVD", "id": "CNNVD-200607-261" }, { "db": "NVD", "id": "CVE-2006-3594" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-19702" }, { "db": "BID", "id": "18952" }, { "db": "JVNDB", "id": "JVNDB-2006-002754" }, { "db": "PACKETSTORM", "id": "48213" }, { "db": "CNNVD", "id": "CNNVD-200607-261" }, { "db": "NVD", "id": 
"CVE-2006-3594" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2006-07-18T00:00:00", "db": "VULHUB", "id": "VHN-19702" }, { "date": "2006-07-12T00:00:00", "db": "BID", "id": "18952" }, { "date": "2012-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-002754" }, { "date": "2006-07-13T17:58:07", "db": "PACKETSTORM", "id": "48213" }, { "date": "2006-07-18T00:00:00", "db": "CNNVD", "id": "CNNVD-200607-261" }, { "date": "2006-07-18T15:37:00", "db": "NVD", "id": "CVE-2006-3594" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-20T00:00:00", "db": "VULHUB", "id": "VHN-19702" }, { "date": "2016-07-05T21:38:00", "db": "BID", "id": "18952" }, { "date": "2012-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-002754" }, { "date": "2006-07-19T00:00:00", "db": "CNNVD", "id": "CNNVD-200607-261" }, { "date": "2024-11-21T00:13:59.187000", "db": "NVD", "id": "CVE-2006-3594" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200607-261" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CUCM Vulnerable to buffer overflow", "sources": [ { "db": "JVNDB", "id": "JVNDB-2006-002754" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-200607-261" } ], "trust": 0.6 } }