CVE-2006-5278

Current Description

Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.

Basic Data

Published: July 15, 2007
Last Modified: August 01, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 10.0
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
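    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Cisco | Unified Callmanager | * | * | * | * | * | * | * | * | 3.3 | 3.3(5)sr2 | |
    2.3 | Application | Cisco | Unified Callmanager | * | * | * | * | * | * | * | * | 4.1 | 4.1(3)sr4 | |
    2.3 | Application | Cisco | Unified Callmanager | * | * | * | * | * | * | * | * | 4.2 | 4.2(3)sr1 | |
    2.3 | Application | Cisco | Unified Callmanager | 5.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Cisco | Unified Callmanager | * | * | * | * | * | * | * | * | 5.1 | 5.1(2) | |
    2.3 | Application | Cisco | Unified Communications Manager | * | * | * | * | * | * | * | * | 4.3 | 4.3(1) | |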

Vulnerable Software List

Vendor | Product | Versions
Cisco | Unified Communications Manager | *
Cisco | Unified Callmanager | *, 5.0

References

Name | Source | URL | Tags
26043 | SECUNIA | http://secunia.com/advisories/26043 | Third Party Advisory
1018369 | SECTRACK | http://securitytracker.com/id?1018369 | Third Party Advisory, VDB Entry
20070711 Cisco Unified Communications Manager Overflow Vulnerabilities | CISCO | http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml | Patch, Vendor Advisory
20070711 Cisco Call Manager RisDC.exe Remote Code Execution | ISS | http://www.iss.net/threats/271.html | Broken Link
36121 | OSVDB | http://www.osvdb.org/36121 | Broken Link
24868 | BID | http://www.securityfocus.com/bid/24868 | Third Party Advisory, VDB Entry
ADV-2007-2512 | VUPEN | http://www.vupen.com/english/advisories/2007/2512 | Permissions Required, Third Party Advisory
negative-integer-bo(19057) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/19057 | Third Party Advisory, VDB Entry