CVE-2006-5277

Current Description

Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow.

Basic Data

Published: July 15, 2007
Last Modified: October 17, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 9.3
Severity: HIGH
Exploitability Score: 8.6
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
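    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
    | 2.3 | Application | Cisco | Unified Callmanager | * | * | * | * | * | * | * | * | 3.3 | 3.3(5)sr2 | | |
    | 2.3 | Application | Cisco | Unified Callmanager | * | * | * | * | * | * | * | * | 4.1 | 4.1(3)sr4 | | |
    | 2.3 | Application | Cisco | Unified Callmanager | * | * | * | * | * | * | * | * | 4.2 | 4.2(3)sr1 | | |
    | 2.3 | Application | Cisco | Unified Callmanager | 5.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cisco | Unified Communications Manager | * | * | * | * | * | * | * | * | 4.3 | 4.3(1) | | |
    | 2.3 | Application | Cisco | Unified Communications Manager | * | * | * | * | * | * | * | * | 5.1 | 5.1(1) | | |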

Vulnerable Software List

| Vendor | Product | Versions |
| --- | --- | --- |
| Cisco | Unified Communications Manager | * |
| Cisco | Unified Callmanager | *, 5.0 |

References

| Name | Source | URL | Tags |
| --- | --- | --- | --- |
| 26043 | SECUNIA | http://secunia.com/advisories/26043 | Third Party Advisory |
| 1018369 | SECTRACK | http://securitytracker.com/id?1018369 | Third Party Advisory, VDB Entry |
| 20070711 Cisco Unified Communications Manager Overflow Vulnerabilities | CISCO | http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml | Vendor Advisory |
| 20070711 Cisco Call Manager CTLProvider.exe Remote Code Execution | ISS | http://www.iss.net/threats/270.html | Broken Link |
| 36122 | OSVDB | http://www.osvdb.org/36122 | Broken Link |
| 24868 | BID | http://www.securityfocus.com/bid/24868 | Third Party Advisory, VDB Entry |
| ADV-2007-2512 | VUPEN | http://www.vupen.com/english/advisories/2007/2512 | Permissions Required, Third Party Advisory |
| voip-filename-overflow(31437) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/31437 | Third Party Advisory, VDB Entry |