var-200707-0339
Vulnerability from variot
Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow. An attacker can exploit these issues to execute arbitrary code within the context of the vulnerable application. Successful exploits may result in a complete compromise of affected servers. Failed exploit attempts will likely result in denial-of-service conditions. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.
Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications.
TITLE: Cisco Unified Communications Manager Two Vulnerabilities
SECUNIA ADVISORY ID: SA26043
VERIFY ADVISORY: http://secunia.com/advisories/26043/
CRITICAL: Moderately critical
IMPACT: DoS, System access
WHERE:
From local network
SOFTWARE: Cisco Unified CallManager 5.x http://secunia.com/product/12535/ Cisco Unified CallManager 4.x http://secunia.com/product/12534/ Cisco Unified CallManager 3.x http://secunia.com/product/2805/ Cisco Unified Communications Manager 5.x http://secunia.com/product/11019/ Cisco Unified Communications Manager 4.x http://secunia.com/product/5363/
DESCRIPTION: Some vulnerabilities have been reported in Cisco Unified Communications Manager (CUCM), which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
1) An off-by-one error in the Certificate Trust List Provider service (CTLProvider.exe) can be exploited to cause a heap-based buffer overflow by sending specially crafted packets to the vulnerable service (default port 2444/TCP).
Note: This vulnerability does not affect CUCM 3.x.
Successful exploitation may allow execution of arbitrary code.
SOLUTION: Apply updated versions: Vulnerability #1 is corrected in CUCM versions 4.1(3)SR5, 4.2(3)SR2, 4.3(1)SR1 and 5.1(2). Vulnerability #2 is corrected in CUCM versions 3.3(5)SR2b, 4.1(3)SR5, 4.2(3)SR2, 4.3(1)SR1 and 5.1(2).
See vendor advisory for a detailed patch matrix.
PROVIDED AND/OR DISCOVERED BY: IBM Internet Security Systems X-Force
ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml
IBM Internet Security Systems: 1) http://www.iss.net/threats/270.html 2) http://www.iss.net/threats/271.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200707-0339",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified callmanager",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "unified callmanager",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.1\\(2\\)"
},
{
"model": "unified communications manager",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.3\\(1\\)"
},
{
"model": "unified callmanager",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1\\(3\\)sr4"
},
{
"model": "unified communications manager",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.3"
},
{
"model": "unified callmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.1"
},
{
"model": "unified callmanager",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2\\(3\\)sr1"
},
{
"model": "unified callmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2"
},
{
"model": "unified callmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "unified callmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "unified callmanager",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3\\(5\\)sr2"
},
{
"model": "unified callmanager",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "4.2"
},
{
"model": "unified callmanager",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "200707111"
},
{
"model": "unified communications manager",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "200707111"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.3"
},
{
"model": "unified callmanager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.2\\(3\\)sr1"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.1\\(1\\)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.1"
},
{
"model": "unified callmanager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.1\\(3\\)sr4"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.3\\(1\\)"
},
{
"model": "unified callmanager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.3\\(5\\)sr2"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1(2)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1(1)"
},
{
"model": "unified communications manager 4.2 sr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1"
},
{
"model": "unified callmanager 5.0 su1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0(4)"
},
{
"model": "unified callmanager 5.0",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0(3)"
},
{
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0(2)"
},
{
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0(1)"
},
{
"model": "unified callmanager 4.3 sr1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified callmanager 4.2 sr1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified callmanager 4.1 sr5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified callmanager 4.1 sr4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "unified callmanager 3.3 sr2a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "call manager sr2",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "call manager sr1",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "call manager es32",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "call manager es24",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "call manager es07",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "call manager es55",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "call manager es50",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "call manager es33",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "call manager sr2c",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "call manager sr2b",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "call manager es62",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "call manager es56",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "call manager es40",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "call manager sr1a",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "call manager es30",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "call manager es24",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(5)"
},
{
"model": "call manager es25",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "call manager es61",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(3)"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3(1)"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(3)"
},
{
"model": "call manager 4.1 sr4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified communications manager 5.1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified communications manager 4.3 sr.1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified communications manager sr2b",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"model": "unified callmanager sr5b",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "unified callmanager 3.3 sr3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "24868"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001225"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-273"
},
{
"db": "NVD",
"id": "CVE-2006-5278"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:unified_callmanager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:unified_communications_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001225"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM ISS X-Force",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-273"
}
],
"trust": 0.6
},
"cve": "CVE-2006-5278",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2006-5278",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-21386",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-5278",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2006-5278",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200707-273",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-21386",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21386"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001225"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-273"
},
{
"db": "NVD",
"id": "CVE-2006-5278"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow. \nAn attacker can exploit these issues to execute arbitrary code within the context of the vulnerable application. Successful exploits may result in a complete compromise of affected servers. Failed exploit attempts will likely result in denial-of-service conditions. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Full Featured Secunia Network Software Inspector (NSI) is now\navailable:\nhttp://secunia.com/network_software_inspector/\n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\n----------------------------------------------------------------------\n\nTITLE:\nCisco Unified Communications Manager Two Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA26043\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26043/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nCisco Unified CallManager 5.x\nhttp://secunia.com/product/12535/\nCisco Unified CallManager 4.x\nhttp://secunia.com/product/12534/\nCisco Unified CallManager 3.x\nhttp://secunia.com/product/2805/\nCisco Unified Communications Manager 5.x\nhttp://secunia.com/product/11019/\nCisco Unified Communications Manager 4.x\nhttp://secunia.com/product/5363/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Cisco Unified\nCommunications Manager (CUCM), which can be exploited by malicious\npeople to cause a DoS (Denial of Service) or potentially compromise a\nvulnerable system. \n\n1) An off-by-one error in the Certificate Trust List Provider service\n(CTLProvider.exe) can be exploited to cause a heap-based buffer\noverflow by sending specially crafted packets to the vulnerable\nservice (default port 2444/TCP). \n\nNote: This vulnerability does not affect CUCM 3.x. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nSOLUTION:\nApply updated versions:\nVulnerability #1 is corrected in CUCM versions 4.1(3)SR5, 4.2(3)SR2,\n4.3(1)SR1 and 5.1(2). \nVulnerability #2 is corrected in CUCM versions 3.3(5)SR2b, 4.1(3)SR5,\n4.2(3)SR2, 4.3(1)SR1 and 5.1(2). \n\nSee vendor advisory for a detailed patch matrix. \n\nPROVIDED AND/OR DISCOVERED BY:\nIBM Internet Security Systems X-Force\n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml\n\nIBM Internet Security Systems:\n1) http://www.iss.net/threats/270.html\n2) http://www.iss.net/threats/271.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5278"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001225"
},
{
"db": "BID",
"id": "24868"
},
{
"db": "VULHUB",
"id": "VHN-21386"
},
{
"db": "PACKETSTORM",
"id": "57691"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-5278",
"trust": 2.8
},
{
"db": "BID",
"id": "24868",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "26043",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "36121",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-2512",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1018369",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001225",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200707-273",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-21386",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "57691",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21386"
},
{
"db": "BID",
"id": "24868"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001225"
},
{
"db": "PACKETSTORM",
"id": "57691"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-273"
},
{
"db": "NVD",
"id": "CVE-2006-5278"
}
]
},
"id": "VAR-200707-0339",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-21386"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:43:21.512000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20070711-cucm",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070711-cucm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001225"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5278"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml"
},
{
"trust": 1.8,
"url": "http://www.iss.net/threats/271.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/24868"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/36121"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1018369"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26043"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/2512"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19057"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5278"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5278"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2805/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/network_software_inspector/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12534/"
},
{
"trust": 0.1,
"url": "http://www.iss.net/threats/270.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12535/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5363/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/11019/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26043/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21386"
},
{
"db": "BID",
"id": "24868"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001225"
},
{
"db": "PACKETSTORM",
"id": "57691"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-273"
},
{
"db": "NVD",
"id": "CVE-2006-5278"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-21386"
},
{
"db": "BID",
"id": "24868"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001225"
},
{
"db": "PACKETSTORM",
"id": "57691"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-273"
},
{
"db": "NVD",
"id": "CVE-2006-5278"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-15T00:00:00",
"db": "VULHUB",
"id": "VHN-21386"
},
{
"date": "2007-07-11T00:00:00",
"db": "BID",
"id": "24868"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001225"
},
{
"date": "2007-07-13T00:55:11",
"db": "PACKETSTORM",
"id": "57691"
},
{
"date": "2007-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-273"
},
{
"date": "2007-07-15T22:30:00",
"db": "NVD",
"id": "CVE-2006-5278"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-01T00:00:00",
"db": "VULHUB",
"id": "VHN-21386"
},
{
"date": "2016-07-05T21:38:00",
"db": "BID",
"id": "24868"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001225"
},
{
"date": "2019-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-273"
},
{
"date": "2024-11-21T00:18:35.180000",
"db": "NVD",
"id": "CVE-2006-5278"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-273"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CUCM of RIS Data Collector Service integer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001225"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-273"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.