cvelistv5 - cve-2006-3592

cve-2006-3592

Vulnerability from cvelistv5

Published

2006-07-14 20:00

Modified

2024-08-07 18:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/21030	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1016475
cve@mitre.org	http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml
cve@mitre.org	http://www.osvdb.org/27160
cve@mitre.org	http://www.securityfocus.com/bid/18952
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2774
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27689
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21030	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016475
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/27160
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18952
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2774
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27689

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:30:34.506Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "27160",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/27160"
          },
          {
            "name": "1016475",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016475"
          },
          {
            "name": "18952",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18952"
          },
          {
            "name": "cisco-calllmanager-cli-command-execution(27689)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27689"
          },
          {
            "name": "20060712 Multiple Cisco Unified CallManager Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml"
          },
          {
            "name": "ADV-2006-2774",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2774"
          },
          {
            "name": "21030",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21030"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-07-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving \"certain CLI commands,\" aka bug CSCse11005."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "27160",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/27160"
        },
        {
          "name": "1016475",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016475"
        },
        {
          "name": "18952",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18952"
        },
        {
          "name": "cisco-calllmanager-cli-command-execution(27689)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27689"
        },
        {
          "name": "20060712 Multiple Cisco Unified CallManager Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml"
        },
        {
          "name": "ADV-2006-2774",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2774"
        },
        {
          "name": "21030",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21030"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3592",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving \"certain CLI commands,\" aka bug CSCse11005."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "27160",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/27160"
            },
            {
              "name": "1016475",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016475"
            },
            {
              "name": "18952",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18952"
            },
            {
              "name": "cisco-calllmanager-cli-command-execution(27689)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27689"
            },
            {
              "name": "20060712 Multiple Cisco Unified CallManager Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml"
            },
            {
              "name": "ADV-2006-2774",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2774"
            },
            {
              "name": "21030",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21030"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3592",
    "datePublished": "2006-07-14T20:00:00",
    "dateReserved": "2006-07-14T00:00:00",
    "dateUpdated": "2024-08-07T18:30:34.506Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_callmanager:5.0\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5865997-F8B2-4ABB-96DF-3AE691A7CE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_callmanager:5.0\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9211420-9F35-4872-879A-5F7CA29C6299\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_callmanager:5.0\\\\(3\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7DD4B55-4C68-45CD-988E-D470C26E5E71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_callmanager:5.0\\\\(3a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48C1B081-1FD7-4BBD-84BD-E1E5F80C74FE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving \\\"certain CLI commands,\\\" aka bug CSCse11005.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en la interfaz de l\\u00ednea de comando (CLI) en Cisco Unified CallManager (CUCM) 5.0(1) hasta la 5.0(3a) permite a usuarios locales ejecutar comandos de su elecci\\u00f3n con privilegios elevados a trav\\u00e9s de vectores no especificados, afectando a \\\"ciertos comandos CLI\\\", tambi\\u00e9n conocido como fallo CSCse11005.\"}]",
      "evaluatorSolution": "Upgrade to Cisco Unified CallManager version 5.0(4) :\r\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-50",
      "id": "CVE-2006-3592",
      "lastModified": "2024-11-21T00:13:58.270",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": true, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-07-18T15:37:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/21030\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016475\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/27160\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/18952\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2774\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27689\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/21030\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016475\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/27160\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/18952\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2774\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27689\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-3592\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-07-18T15:37:00.000\",\"lastModified\":\"2024-11-21T00:13:58.270\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving \\\"certain CLI commands,\\\" aka bug CSCse11005.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en la interfaz de l\u00ednea de comando (CLI) en Cisco Unified CallManager (CUCM) 5.0(1) hasta la 5.0(3a) permite a usuarios locales ejecutar comandos de su elecci\u00f3n con privilegios elevados a trav\u00e9s de vectores no especificados, afectando a \\\"ciertos comandos CLI\\\", tambi\u00e9n conocido como fallo CSCse11005.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_callmanager:5.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5865997-F8B2-4ABB-96DF-3AE691A7CE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_callmanager:5.0\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9211420-9F35-4872-879A-5F7CA29C6299\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_callmanager:5.0\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7DD4B55-4C68-45CD-988E-D470C26E5E71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_callmanager:5.0\\\\(3a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48C1B081-1FD7-4BBD-84BD-E1E5F80C74FE\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/21030\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016475\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/27160\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/18952\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2774\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27689\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/21030\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016475\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/27160\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/18952\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2774\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27689\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorSolution\":\"Upgrade to Cisco Unified CallManager version 5.0(4) :\\r\\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-50\"}}"
  }
}

ghsa-vrm2-68wq-2hr3

Vulnerability from github

Published

2022-05-01 07:10

Modified

2022-05-01 07:10

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-3592"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-07-18T15:37:00Z",
    "severity": "MODERATE"
  },
  "details": "Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving \"certain CLI commands,\" aka bug CSCse11005.",
  "id": "GHSA-vrm2-68wq-2hr3",
  "modified": "2022-05-01T07:10:36Z",
  "published": "2022-05-01T07:10:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3592"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27689"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21030"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016475"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/27160"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/18952"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2774"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2006-3592

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2006-3592

Aliases

CVE-2006-3592

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-3592",
    "description": "Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving \"certain CLI commands,\" aka bug CSCse11005.",
    "id": "GSD-2006-3592"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-3592"
      ],
      "details": "Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving \"certain CLI commands,\" aka bug CSCse11005.",
      "id": "GSD-2006-3592",
      "modified": "2023-12-13T01:19:57.066125Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-3592",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving \"certain CLI commands,\" aka bug CSCse11005."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "27160",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/27160"
          },
          {
            "name": "1016475",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016475"
          },
          {
            "name": "18952",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/18952"
          },
          {
            "name": "cisco-calllmanager-cli-command-execution(27689)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27689"
          },
          {
            "name": "20060712 Multiple Cisco Unified CallManager Vulnerabilities",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml"
          },
          {
            "name": "ADV-2006-2774",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2774"
          },
          {
            "name": "21030",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21030"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(3a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(3\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3592"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving \"certain CLI commands,\" aka bug CSCse11005."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060712 Multiple Cisco Unified CallManager Vulnerabilities",
              "refsource": "CISCO",
              "tags": [],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml"
            },
            {
              "name": "21030",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21030"
            },
            {
              "name": "1016475",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016475"
            },
            {
              "name": "27160",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/27160"
            },
            {
              "name": "18952",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/18952"
            },
            {
              "name": "ADV-2006-2774",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/2774"
            },
            {
              "name": "cisco-calllmanager-cli-command-execution(27689)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27689"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-20T01:32Z",
      "publishedDate": "2006-07-18T15:37Z"
    }
  }
}

fkie_cve-2006-3592

Vulnerability from fkie_nvd

Published

2006-07-18 15:37

Modified

2024-11-21 00:13

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/21030	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1016475
cve@mitre.org	http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml
cve@mitre.org	http://www.osvdb.org/27160
cve@mitre.org	http://www.securityfocus.com/bid/18952
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2774
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27689
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21030	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016475
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/27160
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18952
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2774
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27689

Impacted products

Vendor	Product	Version
cisco	unified_callmanager	5.0\(1\)
cisco	unified_callmanager	5.0\(2\)
cisco	unified_callmanager	5.0\(3\)
cisco	unified_callmanager	5.0\(3a\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C5865997-F8B2-4ABB-96DF-3AE691A7CE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E9211420-9F35-4872-879A-5F7CA29C6299",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D7DD4B55-4C68-45CD-988E-D470C26E5E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(3a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "48C1B081-1FD7-4BBD-84BD-E1E5F80C74FE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving \"certain CLI commands,\" aka bug CSCse11005."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en la interfaz de l\u00ednea de comando (CLI) en Cisco Unified CallManager (CUCM) 5.0(1) hasta la 5.0(3a) permite a usuarios locales ejecutar comandos de su elecci\u00f3n con privilegios elevados a trav\u00e9s de vectores no especificados, afectando a \"ciertos comandos CLI\", tambi\u00e9n conocido como fallo CSCse11005."
    }
  ],
  "evaluatorSolution": "Upgrade to Cisco Unified CallManager version 5.0(4) :\r\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-50",
  "id": "CVE-2006-3592",
  "lastModified": "2024-11-21T00:13:58.270",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-07-18T15:37:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21030"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016475"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/27160"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/18952"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/2774"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016475"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/27160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/18952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/2774"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27689"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving "certain CLI commands," aka bug CSCse11005. Cisco Unified CallManager is susceptible to multiple remote vulnerabilities. These specific issues are identified: - A local privilege-escalation vulnerability, documented as Cisco bug CSCse11005 - A local file-overwrite vulnerability, documented as Cisco bug CSCse31704 - A remote buffer-overflow vulnerability, documented as Cisco bug CSCsd96542 These issues allow local attackers to completely compromise affected devices, and remote attackers to execute arbitrary machine code in the context of the affected service. Cisco Unified CallManager is the software-based call-processing component of the Cisco IP telephony solution. The CallManager CLI provides an alternate management interface to the system for diagnosing and troubleshooting the primary HTTPS-based management interface. The vulnerabilities allow command output to be redirected to a file or folder specified on the command line. Cisco Unified CallManager supports both SCCP and SIP telephony, which allows migration to SIP while still protecting investments in existing equipment.

Hardcore Disassembler / Reverse Engineer Wanted!

Want to work with IDA and BinDiff? Want to write PoC's and Exploits?

Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package.

http://secunia.com/hardcore_disassembler_and_reverse_engineer/

TITLE: Cisco Unified CallManager Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA21030

VERIFY ADVISORY: http://secunia.com/advisories/21030/

CRITICAL: Highly critical

IMPACT: Privilege escalation, DoS, System access

WHERE:

From remote

SOFTWARE: Cisco Unified CallManager 5.x http://secunia.com/product/11019/

DESCRIPTION: Some vulnerabilities have been reported in Cisco Unified CallManager, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

2) An unspecified error makes it possible to for an authenticated administrator to overwrite arbitrary files or folders with output of CLI commands.

3) A boundary error within the processing of SIP requests can be exploited to cause a buffer overflow via an overly long hostname string in a malicious SIP request.

Successful exploitation causes a DoS or allows execution of arbitrary code.

The vulnerabilities have been reported in versions 5.0(1), 5.0(2), 5.0(3), and 5.0(3a).

SOLUTION: Update to version 5.0(4) or later.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200607-0353",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified callmanager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.0\\(2\\)"
      },
      {
        "model": "unified callmanager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.0\\(3a\\)"
      },
      {
        "model": "unified callmanager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.0\\(3\\)"
      },
      {
        "model": "unified callmanager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.0\\(1\\)"
      },
      {
        "model": "unified callmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "5.0(1) to  5.0(3a)"
      },
      {
        "model": "unified callmanager 5.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified callmanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(3)"
      },
      {
        "model": "unified callmanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(2)"
      },
      {
        "model": "unified callmanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(1)"
      },
      {
        "model": "unified callmanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(4)"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "18952"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002752"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-226"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(3a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(3\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3592"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Security bulletin",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-226"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-3592",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": true,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2006-3592",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-19700",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-3592",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200607-226",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-19700",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2006-3592",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19700"
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-3592"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002752"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-226"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving \"certain CLI commands,\" aka bug CSCse11005. Cisco Unified CallManager is susceptible to multiple remote vulnerabilities. These specific issues are identified:\n- A local privilege-escalation vulnerability, documented as Cisco bug CSCse11005\n- A local file-overwrite vulnerability, documented as Cisco bug CSCse31704\n- A remote buffer-overflow vulnerability, documented as Cisco bug CSCsd96542\nThese issues allow local attackers to completely compromise affected devices, and remote attackers to execute arbitrary machine code in the context of the affected service. Cisco Unified CallManager is the software-based call-processing component of the Cisco IP telephony solution. The CallManager CLI provides an alternate management interface to the system for diagnosing and troubleshooting the primary HTTPS-based management interface. The vulnerabilities allow command output to be redirected to a file or folder specified on the command line. Cisco Unified CallManager supports both SCCP and SIP telephony, which allows migration to SIP while still protecting investments in existing equipment. \n\n----------------------------------------------------------------------\n\nHardcore Disassembler / Reverse Engineer Wanted!\n\nWant to work with IDA and BinDiff?\nWant to write PoC\u0027s and Exploits?\n\nYour nationality is not important. \nWe will get you a work permit, find an apartment, and offer a\nrelocation compensation package. \n\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco Unified CallManager Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA21030\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21030/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nPrivilege escalation, DoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nCisco Unified CallManager 5.x\nhttp://secunia.com/product/11019/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Cisco Unified CallManager,\nwhich can be exploited by malicious, local users to gain escalated\nprivileges or by malicious people to cause a DoS (Denial of Service)\nor compromise a vulnerable system. \n\n2) An unspecified error makes it possible to for an authenticated\nadministrator to overwrite arbitrary files or folders with output of\nCLI commands. \n\n3) A boundary error within the processing of SIP requests can be\nexploited to cause a buffer overflow via an overly long hostname\nstring in a malicious SIP request. \n\nSuccessful exploitation causes a DoS or allows execution of arbitrary\ncode. \n\nThe vulnerabilities have been reported in versions 5.0(1), 5.0(2),\n5.0(3), and 5.0(3a). \n\nSOLUTION:\nUpdate to version 5.0(4) or later. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3592"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002752"
      },
      {
        "db": "BID",
        "id": "18952"
      },
      {
        "db": "VULHUB",
        "id": "VHN-19700"
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-3592"
      },
      {
        "db": "PACKETSTORM",
        "id": "48213"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-3592",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "18952",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "21030",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1016475",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-2774",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "27160",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002752",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-226",
        "trust": 0.7
      },
      {
        "db": "CISCO",
        "id": "20060712 MULTIPLE CISCO UNIFIED CALLMANAGER VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "27689",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-19700",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-3592",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "48213",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19700"
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-3592"
      },
      {
        "db": "BID",
        "id": "18952"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002752"
      },
      {
        "db": "PACKETSTORM",
        "id": "48213"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-226"
      }
    ]
  },
  "id": "VAR-200607-0353",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19700"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:13:08.545000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20060712-cucm",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20060712-cucm"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/cvedb/poc-list "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2006-3592"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002752"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3592"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/18952"
      },
      {
        "trust": 1.8,
        "url": "http://www.osvdb.org/27160"
      },
      {
        "trust": 1.8,
        "url": "http://securitytracker.com/id?1016475"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/21030"
      },
      {
        "trust": 1.2,
        "url": "http://www.vupen.com/english/advisories/2006/2774"
      },
      {
        "trust": 1.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27689"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3592"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3592"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/27689"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/2774"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/cvedb/poc-list"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/21030/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/11019/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19700"
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-3592"
      },
      {
        "db": "BID",
        "id": "18952"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002752"
      },
      {
        "db": "PACKETSTORM",
        "id": "48213"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-226"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-19700"
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-3592"
      },
      {
        "db": "BID",
        "id": "18952"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002752"
      },
      {
        "db": "PACKETSTORM",
        "id": "48213"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-226"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-07-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-19700"
      },
      {
        "date": "2006-07-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2006-3592"
      },
      {
        "date": "2006-07-12T00:00:00",
        "db": "BID",
        "id": "18952"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-002752"
      },
      {
        "date": "2006-07-13T17:58:07",
        "db": "PACKETSTORM",
        "id": "48213"
      },
      {
        "date": "2006-07-18T15:37:00",
        "db": "NVD",
        "id": "CVE-2006-3592"
      },
      {
        "date": "2006-07-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200607-226"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-19700"
      },
      {
        "date": "2017-07-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2006-3592"
      },
      {
        "date": "2016-07-05T21:38:00",
        "db": "BID",
        "id": "18952"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-002752"
      },
      {
        "date": "2017-07-20T01:32:25.553000",
        "db": "NVD",
        "id": "CVE-2006-3592"
      },
      {
        "date": "2006-07-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200607-226"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "48213"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-226"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CUCM of  CLI Vulnerable to arbitrary command execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002752"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-226"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2006-3592

Vulnerability from cvelistv5

ghsa-vrm2-68wq-2hr3

Vulnerability from github

gsd-2006-3592

Vulnerability from gsd

fkie_cve-2006-3592

Vulnerability from fkie_nvd

var-200607-0353

Vulnerability from variot

Tags

Sightings

Nomenclature