Follow @discotekdotca
CVE-2006-5278
Current Description
Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.
Basic Data
| Published | July 15, 2007 |
|---|---|
| Last Modified | August 01, 2019 |
| Assigner | cve@mitre.org |
| Data Type | CVE |
| Data Format | MITRE |
| Data Version | 4.0 |
| Problem Type | NVD-CWE-Other |
| CVE Data Version | 4.0 |
Base Metric V2
| CVSS 2 - Version | 2.0 |
|---|---|
| CVSS 2 - Vector String | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| CVSS 2 - Access Vector | NETWORK |
| CVSS 2 - Access Complexity | LOW |
| CVSS 2 - Authentication | NONE |
| CVSS 2 - Confidentiality Impact | COMPLETE |
| CVSS 2 - Availability Impact | COMPLETE |
| CVSS 2 - Base Score | 10.0 |
| Severity | HIGH |
| Exploitability Score | 10.0 |
| Impact Score | 10.0 |
| Obtain All Privilege | true |
| Obtain User Privilege | false |
| Obtain Other Privilege | false |
Base Metric V3
No data provided.
Configurations
-
OR - Configuration 1
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 Application Cisco Unified Callmanager * * * * * * * * 3.3 3.3(5)sr2 � � 2.3 Application Cisco Unified Callmanager * * * * * * * * 4.1 4.1(3)sr4 � � 2.3 Application Cisco Unified Callmanager * * * * * * * * 4.2 4.2(3)sr1 � � 2.3 Application Cisco Unified Callmanager 5.0 * * * * * * * � � � � 2.3 Application Cisco Unified Callmanager * * * * * * * * 5.1 5.1(2) � � 2.3 Application Cisco Unified Communications Manager * * * * * * * * 4.3 4.3(1) � �
Vulnerable Software List
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Communications Manager | * |
| Cisco | Unified Callmanager | *, 5.0 |
References
| Name | Source | URL | Tags |
|---|---|---|---|
| 26043 | http://secunia.com/advisories/26043 | SECUNIA | Third Party Advisory |
| 1018369 | http://securitytracker.com/id?1018369 | SECTRACK | Third Party Advisory VDB Entry |
| 20070711 Cisco Unified Communications Manager Overflow Vulnerabilities | http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml | CISCO | PATCH Vendor Advisory |
| 20070711 Cisco Call Manager RisDC.exe Remote Code Execution | http://www.iss.net/threats/271.html | ISS | Broken Link |
| 36121 | http://www.osvdb.org/36121 | OSVDB | Broken Link |
| 24868 | http://www.securityfocus.com/bid/24868 | BID | Third Party Advisory VDB Entry |
| ADV-2007-2512 | http://www.vupen.com/english/advisories/2007/2512 | VUPEN | Permissions Required Third Party Advisory |
| negative-integer-bo(19057) | https://exchange.xforce.ibmcloud.com/vulnerabilities/19057 | XF | Third Party Advisory VDB Entry |