cvelistv5 - CVE-2007-5537

CVE-2007-5537 (GCVE-0-2007-5537)

Vulnerability from cvelistv5 – Published: 2007-10-18 00:00 – Updated: 2024-08-07 15:31

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/26105	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2007/3532	vdb-entryx_refsource_VUPEN
	http://www.cisco.com/en/US/products/products_secu…	vendor-advisoryx_refsource_CISCO
	http://osvdb.org/37941	vdb-entryx_refsource_OSVDB
	http://www.securitytracker.com/id?1018828	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/27296	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:31:59.077Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "26105",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26105"
          },
          {
            "name": "cucm-sip-invite-dos(37246)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246"
          },
          {
            "name": "ADV-2007-3532",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3532"
          },
          {
            "name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
          },
          {
            "name": "37941",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37941"
          },
          {
            "name": "1018828",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018828"
          },
          {
            "name": "27296",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27296"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "26105",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26105"
        },
        {
          "name": "cucm-sip-invite-dos(37246)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246"
        },
        {
          "name": "ADV-2007-3532",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3532"
        },
        {
          "name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
        },
        {
          "name": "37941",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37941"
        },
        {
          "name": "1018828",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018828"
        },
        {
          "name": "27296",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27296"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5537",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "26105",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26105"
            },
            {
              "name": "cucm-sip-invite-dos(37246)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246"
            },
            {
              "name": "ADV-2007-3532",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3532"
            },
            {
              "name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
            },
            {
              "name": "37941",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37941"
            },
            {
              "name": "1018828",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018828"
            },
            {
              "name": "27296",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27296"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5537",
    "datePublished": "2007-10-18T00:00:00",
    "dateReserved": "2007-10-17T00:00:00",
    "dateUpdated": "2024-08-07T15:31:59.077Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37FEF567-5F92-40BB-8581-3FCF584AAA1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.1\\\\(2\\\\)\", \"matchCriteriaId\": \"C144784A-941D-4919-9E21-1E2AD2738A08\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822.\"}, {\"lang\": \"es\", \"value\": \"Cisco Unified communications Manager (CUCM, anteriormente CallManager) 5.1 anterior a 5.1(2), y Unified CallManager 5.0, permiten a atacantes remotos provocar una denegaci\\u00f3n de servicio (kernel panic) mediante una inundaci\\u00f3n de mensajes SIP INVITE al puerto UDP 5060, lo cual dispara un agotamiento de recursos, tambi\\u00e9n conocida como, CSCsi75822.\"}]",
      "id": "CVE-2007-5537",
      "lastModified": "2024-11-21T00:38:08.053",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-10-18T00:17:00.000",
      "references": "[{\"url\": \"http://osvdb.org/37941\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/27296\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/26105\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1018828\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3532\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/37246\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/37941\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/27296\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/26105\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1018828\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3532\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/37246\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-5537\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-10-18T00:17:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822.\"},{\"lang\":\"es\",\"value\":\"Cisco Unified communications Manager (CUCM, anteriormente CallManager) 5.1 anterior a 5.1(2), y Unified CallManager 5.0, permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (kernel panic) mediante una inundaci\u00f3n de mensajes SIP INVITE al puerto UDP 5060, lo cual dispara un agotamiento de recursos, tambi\u00e9n conocida como, CSCsi75822.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37FEF567-5F92-40BB-8581-3FCF584AAA1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.1\\\\(2\\\\)\",\"matchCriteriaId\":\"C144784A-941D-4919-9E21-1E2AD2738A08\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/37941\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27296\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/26105\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1018828\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3532\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/37246\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/37941\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27296\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/26105\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018828\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3532\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/37246\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-200710-0496

Vulnerability from variot - Updated: 2023-12-18 12:39

Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822. Cisco Unified Communications Manager is prone to a denial-of-service vulnerability and a buffer-overflow vulnerability. Successfully exploiting these issues allows remote attackers to crash affected devices by triggering kernel panics or to execute arbitrary machine code. These issues facilitate the complete remote compromise of affected devices. Versions of Cisco Unified Communications Manager in the 5 and 6 series prior to 6.0(1) are affected by these issues. A denial of service vulnerability exists in the CUCM Session Initiation Protocol (SIP) stack

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200710-0496",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified callmanager",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "cisco",
        "version": "5.1(2)"
      },
      {
        "model": "unified communications manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.1\\(2\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "6.0"
      },
      {
        "model": "unified communications manager 5.1",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5.1\\(2\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1(1)"
      },
      {
        "model": "unified callmanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "unified callmanager 5.0 su1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified callmanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(4)"
      },
      {
        "model": "unified callmanager 5.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified callmanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(3)"
      },
      {
        "model": "unified callmanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(2)"
      },
      {
        "model": "unified callmanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(1)"
      },
      {
        "model": "unified communications manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(1)"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "26105"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002793"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5537"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-339"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.1\\(2\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-5537"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Security bulletin",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-339"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-5537",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2007-5537",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-28899",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-5537",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200710-339",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-28899",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28899"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002793"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5537"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-339"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822. Cisco Unified Communications Manager is prone to a denial-of-service vulnerability and a buffer-overflow vulnerability. \nSuccessfully exploiting these issues allows remote attackers to crash affected devices by triggering kernel panics or to execute arbitrary machine code. These issues facilitate the complete remote compromise of affected devices. \nVersions of Cisco Unified Communications Manager in the 5 and 6 series prior to 6.0(1) are affected by these issues. A denial of service vulnerability exists in the CUCM Session Initiation Protocol (SIP) stack",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-5537"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002793"
      },
      {
        "db": "BID",
        "id": "26105"
      },
      {
        "db": "VULHUB",
        "id": "VHN-28899"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-5537",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "26105",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "27296",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-3532",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "37941",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1018828",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002793",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "37246",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20071017 CISCO UNIFIED COMMUNICATIONS MANAGER DENIAL OF SERVICE VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-339",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-28899",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28899"
      },
      {
        "db": "BID",
        "id": "26105"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002793"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5537"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-339"
      }
    ]
  },
  "id": "VAR-200710-0496",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28899"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:39:43.895000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20071017-cucm",
        "trust": 0.8,
        "url": "http://www.cisco.com/en/us/products/csa/cisco-sa-20071017-cucm.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002793"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28899"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002793"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5537"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/26105"
      },
      {
        "trust": 1.7,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a00808dda34.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/37941"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1018828"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/27296"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/3532"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5537"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5537"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/37246"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/3532"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/sw/voicesw/ps556/"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20071017-cucm.shtml"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28899"
      },
      {
        "db": "BID",
        "id": "26105"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002793"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5537"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-339"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-28899"
      },
      {
        "db": "BID",
        "id": "26105"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002793"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5537"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-339"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-10-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-28899"
      },
      {
        "date": "2007-10-17T00:00:00",
        "db": "BID",
        "id": "26105"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002793"
      },
      {
        "date": "2007-10-18T00:17:00",
        "db": "NVD",
        "id": "CVE-2007-5537"
      },
      {
        "date": "2007-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200710-339"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-28899"
      },
      {
        "date": "2007-10-31T19:36:00",
        "db": "BID",
        "id": "26105"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002793"
      },
      {
        "date": "2017-07-29T01:33:43.413000",
        "db": "NVD",
        "id": "CVE-2007-5537"
      },
      {
        "date": "2007-10-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200710-339"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-339"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CUCM Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002793"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-339"
      }
    ],
    "trust": 0.6
  }
}

GHSA-62W5-FWXX-RPGG

Vulnerability from github – Published: 2022-05-01 18:34 – Updated: 2022-05-01 18:34

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-5537"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-10-18T00:17:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822.",
  "id": "GHSA-62w5-fwxx-rpgg",
  "modified": "2022-05-01T18:34:25Z",
  "published": "2022-05-01T18:34:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5537"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/37941"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27296"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26105"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018828"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/3532"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2007-5537

Vulnerability from fkie_nvd - Published: 2007-10-18 00:17 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://osvdb.org/37941
	cve@mitre.org	http://secunia.com/advisories/27296
	cve@mitre.org	http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml
	cve@mitre.org	http://www.securityfocus.com/bid/26105
	cve@mitre.org	http://www.securitytracker.com/id?1018828
	cve@mitre.org	http://www.vupen.com/english/advisories/2007/3532
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/37246
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/37941
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27296
	af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26105
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018828
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3532
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/37246

Impacted products

	Vendor	Product	Version
	cisco	unified_callmanager	5.0
	cisco	unified_communications_manager	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37FEF567-5F92-40BB-8581-3FCF584AAA1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C144784A-941D-4919-9E21-1E2AD2738A08",
              "versionEndIncluding": "5.1\\(2\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822."
    },
    {
      "lang": "es",
      "value": "Cisco Unified communications Manager (CUCM, anteriormente CallManager) 5.1 anterior a 5.1(2), y Unified CallManager 5.0, permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (kernel panic) mediante una inundaci\u00f3n de mensajes SIP INVITE al puerto UDP 5060, lo cual dispara un agotamiento de recursos, tambi\u00e9n conocida como, CSCsi75822."
    }
  ],
  "id": "CVE-2007-5537",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-18T00:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37941"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27296"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26105"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018828"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3532"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37941"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018828"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2007-AVI-447

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs correctifs pour de multiples vulnérabilités touchant des produits Cisco ont été mis en ligne.

Description

Plusieurs vulnérabilités permettant entre autre des dénis de service et le contournement des politiques de sécurité sont corrigés dans les correctifs mis en ligne par Cisco.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les logiciels suivants nécessitent l'application du correctif ICM7.1(5)_ES46 :
- Cisco Unified Intelligent Contact Management Enterprise ;
- Cisco Unified ICM Hosted ;
- Cisco Unified Contact Center Enterprise ;
- Cisco Unified Contact center Hosted ;
- Cisco Unified CallManager ;
- Cisco System Unified Contact Enterprise.
Les boitiers Cisco PIX et ASA, avec les versions logicielles 7.0, 7.1, 7.2 et 8.0 sont vulnérables et nécéssitent l'installation du correctif ;
Les logiciels Cisco Unified CallManager 5.0 and Communications Manager 5.1 sont vulnérables, et nécessitent l'installation de la version 6.0 ;
Le module Cisco Firewall Services (version antérieure à la 3.2) est vulnérable et nécessite l'installation de la mise à jour.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité de Cisco 97836, 98612, 98711 et 98833 du 17 octobre 2007	None	vendor-advisory
Bulletin de sécurité Cisco ID 98833 du 17 octobre 2007 :	-	other
Bulletin de sécurité Cisco ID 98711 du 17 octobre 2007 :	-	other
Bulletin de sécurité Cisco ID 98612 du 17 octobre 2007 :	-	other
Bulletin de sécurité Cisco ID 97836 du 17 octobre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eLes logiciels suivants n\u00e9cessitent l\u0027application du    correctif ICM7.1(5)_ES46 :      \u003cUL\u003e        \u003cLI\u003eCisco Unified Intelligent Contact Management Enterprise        ;\u003c/LI\u003e        \u003cLI\u003eCisco Unified ICM Hosted ;\u003c/LI\u003e        \u003cLI\u003eCisco Unified Contact Center Enterprise ;\u003c/LI\u003e        \u003cLI\u003eCisco Unified Contact center Hosted ;\u003c/LI\u003e        \u003cLI\u003eCisco Unified CallManager ;\u003c/LI\u003e        \u003cLI\u003eCisco System Unified Contact Enterprise.\u003c/LI\u003e      \u003c/UL\u003e    \u003c/LI\u003e    \u003cLI\u003eLes boitiers Cisco PIX et ASA, avec les versions    logicielles 7.0, 7.1, 7.2 et 8.0 sont vuln\u00e9rables et    n\u00e9c\u00e9ssitent l\u0027installation du correctif ;\u003c/LI\u003e    \u003cLI\u003eLes logiciels Cisco Unified CallManager 5.0 and    Communications Manager 5.1 sont vuln\u00e9rables, et n\u00e9cessitent    l\u0027installation de la version 6.0 ;\u003c/LI\u003e    \u003cLI\u003eLe module Cisco Firewall Services (version ant\u00e9rieure \u00e0 la    3.2) est vuln\u00e9rable et n\u00e9cessite l\u0027installation de la mise \u00e0    jour.\u003c/LI\u003e  \u003c/UL\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s permettant entre autre des d\u00e9nis de service et\nle contournement des politiques de s\u00e9curit\u00e9 sont corrig\u00e9s dans les\ncorrectifs mis en ligne par Cisco.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5539"
    },
    {
      "name": "CVE-2007-5537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5537"
    },
    {
      "name": "CVE-2007-5538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5538"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 98833 du 17 octobre 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20071017-cucm.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 98711 du 17 octobre 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20071017-asa.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 98612 du 17 octobre 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20071017-fwsm.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 97836 du 17 octobre 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20071017-IPCC.shtml"
    }
  ],
  "reference": "CERTA-2007-AVI-447",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-10-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs correctifs pour de multiples vuln\u00e9rabilit\u00e9s touchant des\nproduits Cisco ont \u00e9t\u00e9 mis en ligne.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans des produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 de Cisco 97836, 98612, 98711 et 98833 du 17 octobre 2007",
      "url": null
    }
  ]
}

CERTA-2007-AVI-447

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs correctifs pour de multiples vulnérabilités touchant des produits Cisco ont été mis en ligne.

Description

Plusieurs vulnérabilités permettant entre autre des dénis de service et le contournement des politiques de sécurité sont corrigés dans les correctifs mis en ligne par Cisco.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les logiciels suivants nécessitent l'application du correctif ICM7.1(5)_ES46 :
- Cisco Unified Intelligent Contact Management Enterprise ;
- Cisco Unified ICM Hosted ;
- Cisco Unified Contact Center Enterprise ;
- Cisco Unified Contact center Hosted ;
- Cisco Unified CallManager ;
- Cisco System Unified Contact Enterprise.
Les boitiers Cisco PIX et ASA, avec les versions logicielles 7.0, 7.1, 7.2 et 8.0 sont vulnérables et nécéssitent l'installation du correctif ;
Les logiciels Cisco Unified CallManager 5.0 and Communications Manager 5.1 sont vulnérables, et nécessitent l'installation de la version 6.0 ;
Le module Cisco Firewall Services (version antérieure à la 3.2) est vulnérable et nécessite l'installation de la mise à jour.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité de Cisco 97836, 98612, 98711 et 98833 du 17 octobre 2007	None	vendor-advisory
Bulletin de sécurité Cisco ID 98833 du 17 octobre 2007 :	-	other
Bulletin de sécurité Cisco ID 98711 du 17 octobre 2007 :	-	other
Bulletin de sécurité Cisco ID 98612 du 17 octobre 2007 :	-	other
Bulletin de sécurité Cisco ID 97836 du 17 octobre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eLes logiciels suivants n\u00e9cessitent l\u0027application du    correctif ICM7.1(5)_ES46 :      \u003cUL\u003e        \u003cLI\u003eCisco Unified Intelligent Contact Management Enterprise        ;\u003c/LI\u003e        \u003cLI\u003eCisco Unified ICM Hosted ;\u003c/LI\u003e        \u003cLI\u003eCisco Unified Contact Center Enterprise ;\u003c/LI\u003e        \u003cLI\u003eCisco Unified Contact center Hosted ;\u003c/LI\u003e        \u003cLI\u003eCisco Unified CallManager ;\u003c/LI\u003e        \u003cLI\u003eCisco System Unified Contact Enterprise.\u003c/LI\u003e      \u003c/UL\u003e    \u003c/LI\u003e    \u003cLI\u003eLes boitiers Cisco PIX et ASA, avec les versions    logicielles 7.0, 7.1, 7.2 et 8.0 sont vuln\u00e9rables et    n\u00e9c\u00e9ssitent l\u0027installation du correctif ;\u003c/LI\u003e    \u003cLI\u003eLes logiciels Cisco Unified CallManager 5.0 and    Communications Manager 5.1 sont vuln\u00e9rables, et n\u00e9cessitent    l\u0027installation de la version 6.0 ;\u003c/LI\u003e    \u003cLI\u003eLe module Cisco Firewall Services (version ant\u00e9rieure \u00e0 la    3.2) est vuln\u00e9rable et n\u00e9cessite l\u0027installation de la mise \u00e0    jour.\u003c/LI\u003e  \u003c/UL\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s permettant entre autre des d\u00e9nis de service et\nle contournement des politiques de s\u00e9curit\u00e9 sont corrig\u00e9s dans les\ncorrectifs mis en ligne par Cisco.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5539"
    },
    {
      "name": "CVE-2007-5537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5537"
    },
    {
      "name": "CVE-2007-5538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5538"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 98833 du 17 octobre 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20071017-cucm.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 98711 du 17 octobre 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20071017-asa.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 98612 du 17 octobre 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20071017-fwsm.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 97836 du 17 octobre 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20071017-IPCC.shtml"
    }
  ],
  "reference": "CERTA-2007-AVI-447",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-10-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs correctifs pour de multiples vuln\u00e9rabilit\u00e9s touchant des\nproduits Cisco ont \u00e9t\u00e9 mis en ligne.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans des produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 de Cisco 97836, 98612, 98711 et 98833 du 17 octobre 2007",
      "url": null
    }
  ]
}

GSD-2007-5537

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-5537

Aliases

CVE-2007-5537

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-5537",
    "description": "Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822.",
    "id": "GSD-2007-5537"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-5537"
      ],
      "details": "Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822.",
      "id": "GSD-2007-5537",
      "modified": "2023-12-13T01:21:41.336212Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-5537",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "26105",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26105"
          },
          {
            "name": "cucm-sip-invite-dos(37246)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246"
          },
          {
            "name": "ADV-2007-3532",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3532"
          },
          {
            "name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
          },
          {
            "name": "37941",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/37941"
          },
          {
            "name": "1018828",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018828"
          },
          {
            "name": "27296",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27296"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.1\\(2\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5537"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "tags": [],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
            },
            {
              "name": "26105",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/26105"
            },
            {
              "name": "1018828",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018828"
            },
            {
              "name": "27296",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/27296"
            },
            {
              "name": "37941",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/37941"
            },
            {
              "name": "ADV-2007-3532",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/3532"
            },
            {
              "name": "cucm-sip-invite-dos(37246)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-29T01:33Z",
      "publishedDate": "2007-10-18T00:17Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-5537 (GCVE-0-2007-5537)

VAR-200710-0496

GHSA-62W5-FWXX-RPGG

FKIE_CVE-2007-5537

CERTA-2007-AVI-447

Description

Solution

CERTA-2007-AVI-447

Description

Solution

GSD-2007-5537

Tags

Sightings

Nomenclature