cvelistv5 - cve-2006-3593

CVE-2006-3593 (GCVE-0-2006-3593)

Vulnerability from cvelistv5

Published

2006-07-14 20:00

Modified

2024-08-07 18:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/21030	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1016475
cve@mitre.org	http://www.cisco.com/en/US/products/products_security_advisory09186a00806e0b9f.shtml
cve@mitre.org	http://www.osvdb.org/27161
cve@mitre.org	http://www.securityfocus.com/bid/18952
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2774
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27690
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21030	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016475
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a00806e0b9f.shtml
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/27161
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18952
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2774
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27690

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T18:30:34.465Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1016475",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1016475",
               },
               {
                  name: "18952",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/18952",
               },
               {
                  name: "20060712 Multiple Cisco Unified CallManager Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00806e0b9f.shtml",
               },
               {
                  name: "ADV-2006-2774",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2006/2774",
               },
               {
                  name: "27161",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/27161",
               },
               {
                  name: "cisco-callmanager-cli-redirect(27690)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/27690",
               },
               {
                  name: "21030",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/21030",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2006-07-12T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-19T15:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1016475",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1016475",
            },
            {
               name: "18952",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/18952",
            },
            {
               name: "20060712 Multiple Cisco Unified CallManager Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00806e0b9f.shtml",
            },
            {
               name: "ADV-2006-2774",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2006/2774",
            },
            {
               name: "27161",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/27161",
            },
            {
               name: "cisco-callmanager-cli-redirect(27690)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/27690",
            },
            {
               name: "21030",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/21030",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2006-3593",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1016475",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1016475",
                  },
                  {
                     name: "18952",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/18952",
                  },
                  {
                     name: "20060712 Multiple Cisco Unified CallManager Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00806e0b9f.shtml",
                  },
                  {
                     name: "ADV-2006-2774",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2006/2774",
                  },
                  {
                     name: "27161",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/27161",
                  },
                  {
                     name: "cisco-callmanager-cli-redirect(27690)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/27690",
                  },
                  {
                     name: "21030",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/21030",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2006-3593",
      datePublished: "2006-07-14T20:00:00",
      dateReserved: "2006-07-14T00:00:00",
      dateUpdated: "2024-08-07T18:30:34.465Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_callmanager:5.0\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5865997-F8B2-4ABB-96DF-3AE691A7CE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_callmanager:5.0\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9211420-9F35-4872-879A-5F7CA29C6299\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_callmanager:5.0\\\\(3\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7DD4B55-4C68-45CD-988E-D470C26E5E71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_callmanager:5.0\\\\(3a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48C1B081-1FD7-4BBD-84BD-E1E5F80C74FE\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704.\"}, {\"lang\": \"es\", \"value\": \"La interfaz de linea de comando (CLI) en Cisco Unified CallManager (CUCM) 5.0(1) hasta la 5.0(3a) permite a usuarios locales sobrescribir  archivos de su elecci\\u00f3n a trav\\u00e9s de la redirecci\\u00f3n de comandos de salida a un archivo o carpeta, tambi\\u00e9n conocida como fallo CSCse31704.\"}]",
         evaluatorSolution: "Update to version 5.0(4) or later.\r\n",
         id: "CVE-2006-3593",
         lastModified: "2024-11-21T00:13:59.057",
         metrics: "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:P/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
         published: "2006-07-18T15:37:00.000",
         references: "[{\"url\": \"http://secunia.com/advisories/21030\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016475\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a00806e0b9f.shtml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/27161\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/18952\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2774\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27690\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/21030\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016475\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a00806e0b9f.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/27161\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/18952\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2774\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27690\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
         sourceIdentifier: "cve@mitre.org",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2006-3593\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-07-18T15:37:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704.\"},{\"lang\":\"es\",\"value\":\"La interfaz de linea de comando (CLI) en Cisco Unified CallManager (CUCM) 5.0(1) hasta la 5.0(3a) permite a usuarios locales sobrescribir  archivos de su elección a través de la redirección de comandos de salida a un archivo o carpeta, también conocida como fallo CSCse31704.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_callmanager:5.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5865997-F8B2-4ABB-96DF-3AE691A7CE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_callmanager:5.0\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9211420-9F35-4872-879A-5F7CA29C6299\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_callmanager:5.0\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7DD4B55-4C68-45CD-988E-D470C26E5E71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_callmanager:5.0\\\\(3a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48C1B081-1FD7-4BBD-84BD-E1E5F80C74FE\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/21030\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016475\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a00806e0b9f.shtml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/27161\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/18952\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2774\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27690\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/21030\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016475\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a00806e0b9f.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/27161\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/18952\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2774\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27690\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorSolution\":\"Update to version 5.0(4) or later.\\r\\n\"}}",
   },
}

var-200607-0354

Vulnerability from variot

The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704. Cisco Unified CallManager is susceptible to multiple remote vulnerabilities. These specific issues are identified: - A local privilege-escalation vulnerability, documented as Cisco bug CSCse11005 - A local file-overwrite vulnerability, documented as Cisco bug CSCse31704 - A remote buffer-overflow vulnerability, documented as Cisco bug CSCsd96542 These issues allow local attackers to completely compromise affected devices, and remote attackers to execute arbitrary machine code in the context of the affected service. Cisco Unified CallManager is the software-based call-processing component of the Cisco IP telephony solution. The CallManager CLI provides an alternate management interface to the system for diagnosing and troubleshooting the primary HTTPS-based management interface. Cisco Unified CallManager supports both SCCP and SIP telephony, which allows migration to SIP while still protecting investments in existing equipment.

Hardcore Disassembler / Reverse Engineer Wanted!

Want to work with IDA and BinDiff? Want to write PoC's and Exploits?

Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package.

http://secunia.com/hardcore_disassembler_and_reverse_engineer/

TITLE: Cisco Unified CallManager Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA21030

VERIFY ADVISORY: http://secunia.com/advisories/21030/

CRITICAL: Highly critical

IMPACT: Privilege escalation, DoS, System access

WHERE:

From remote

SOFTWARE: Cisco Unified CallManager 5.x http://secunia.com/product/11019/

DESCRIPTION: Some vulnerabilities have been reported in Cisco Unified CallManager, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

1) Errors in various CLI commands can be exploited by an authenticated administrator to break out of the CLI environment and execute arbitrary Linux commands with root privileges.

3) A boundary error within the processing of SIP requests can be exploited to cause a buffer overflow via an overly long hostname string in a malicious SIP request.

Successful exploitation causes a DoS or allows execution of arbitrary code.

The vulnerabilities have been reported in versions 5.0(1), 5.0(2), 5.0(3), and 5.0(3a).

SOLUTION: Update to version 5.0(4) or later.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-200607-0354",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "unified callmanager",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "5.0\\(2\\)",
         },
         {
            model: "unified callmanager",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "5.0\\(3a\\)",
         },
         {
            model: "unified callmanager",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "5.0\\(3\\)",
         },
         {
            model: "unified callmanager",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "5.0\\(1\\)",
         },
         {
            model: "unified callmanager",
            scope: "eq",
            trust: 0.8,
            vendor: "cisco",
            version: "5.0(1) to  5.0(3a)",
         },
         {
            model: "unified callmanager 5.0",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "unified callmanager",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "5.0(3)",
         },
         {
            model: "unified callmanager",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "5.0(2)",
         },
         {
            model: "unified callmanager",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "5.0(1)",
         },
         {
            model: "unified callmanager",
            scope: "ne",
            trust: 0.3,
            vendor: "cisco",
            version: "5.0(4)",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "18952",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2006-002753",
         },
         {
            db: "NVD",
            id: "CVE-2006-3593",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200607-251",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(3\\):*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(3a\\):*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(1\\):*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(2\\):*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2006-3593",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Cisco Security bulletin",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200607-251",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2006-3593",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8,
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "Single",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2006-3593",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "VULHUB",
                  availabilityImpact: "NONE",
                  baseScore: 4,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8,
                  id: "VHN-19701",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:L/AU:S/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2006-3593",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-200607-251",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-19701",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-19701",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2006-002753",
         },
         {
            db: "NVD",
            id: "CVE-2006-3593",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200607-251",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704. Cisco Unified CallManager is susceptible to multiple remote vulnerabilities. These specific issues are identified:\n- A local privilege-escalation vulnerability, documented as Cisco bug CSCse11005\n- A local file-overwrite vulnerability, documented as Cisco bug CSCse31704\n- A remote buffer-overflow vulnerability, documented as Cisco bug CSCsd96542\nThese issues allow local attackers to completely compromise affected devices, and remote attackers to execute arbitrary machine code in the context of the affected service. Cisco Unified CallManager is the software-based call-processing component of the Cisco IP telephony solution. The CallManager CLI provides an alternate management interface to the system for diagnosing and troubleshooting the primary HTTPS-based management interface. Cisco Unified CallManager supports both SCCP and SIP telephony, which allows migration to SIP while still protecting investments in existing equipment. \n\n----------------------------------------------------------------------\n\nHardcore Disassembler / Reverse Engineer Wanted!\n\nWant to work with IDA and BinDiff?\nWant to write PoC's and Exploits?\n\nYour nationality is not important. \nWe will get you a work permit, find an apartment, and offer a\nrelocation compensation package. \n\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco Unified CallManager Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA21030\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21030/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nPrivilege escalation, DoS, System access\n\nWHERE:\n>From remote\n\nSOFTWARE:\nCisco Unified CallManager 5.x\nhttp://secunia.com/product/11019/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Cisco Unified CallManager,\nwhich can be exploited by malicious, local users to gain escalated\nprivileges or by malicious people to cause a DoS (Denial of Service)\nor compromise a vulnerable system. \n\n1) Errors in various CLI commands can be exploited by an\nauthenticated administrator to break out of the CLI environment and\nexecute arbitrary Linux commands with root privileges. \n\n3) A boundary error within the processing of SIP requests can be\nexploited to cause a buffer overflow via an overly long hostname\nstring in a malicious SIP request. \n\nSuccessful exploitation causes a DoS or allows execution of arbitrary\ncode. \n\nThe vulnerabilities have been reported in versions 5.0(1), 5.0(2),\n5.0(3), and 5.0(3a). \n\nSOLUTION:\nUpdate to version 5.0(4) or later. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2006-3593",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2006-002753",
         },
         {
            db: "BID",
            id: "18952",
         },
         {
            db: "VULHUB",
            id: "VHN-19701",
         },
         {
            db: "PACKETSTORM",
            id: "48213",
         },
      ],
      trust: 2.07,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2006-3593",
            trust: 2.8,
         },
         {
            db: "BID",
            id: "18952",
            trust: 2,
         },
         {
            db: "SECUNIA",
            id: "21030",
            trust: 1.8,
         },
         {
            db: "SECTRACK",
            id: "1016475",
            trust: 1.7,
         },
         {
            db: "VUPEN",
            id: "ADV-2006-2774",
            trust: 1.7,
         },
         {
            db: "OSVDB",
            id: "27161",
            trust: 1.7,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2006-002753",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-200607-251",
            trust: 0.7,
         },
         {
            db: "CISCO",
            id: "20060712 MULTIPLE CISCO UNIFIED CALLMANAGER VULNERABILITIES",
            trust: 0.6,
         },
         {
            db: "XF",
            id: "27690",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-19701",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "48213",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-19701",
         },
         {
            db: "BID",
            id: "18952",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2006-002753",
         },
         {
            db: "PACKETSTORM",
            id: "48213",
         },
         {
            db: "NVD",
            id: "CVE-2006-3593",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200607-251",
         },
      ],
   },
   id: "VAR-200607-0354",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-19701",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2023-12-18T12:13:08.634000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "cisco-sa-20060712-cucm",
            trust: 0.8,
            url: "http://www.cisco.com/en/us/products/csa/cisco-sa-20060712-cucm.html",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2006-002753",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "NVD-CWE-Other",
            trust: 1,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2006-3593",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "http://www.securityfocus.com/bid/18952",
         },
         {
            trust: 1.7,
            url: "http://www.cisco.com/en/us/products/products_security_advisory09186a00806e0b9f.shtml",
         },
         {
            trust: 1.7,
            url: "http://www.osvdb.org/27161",
         },
         {
            trust: 1.7,
            url: "http://securitytracker.com/id?1016475",
         },
         {
            trust: 1.7,
            url: "http://secunia.com/advisories/21030",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2006/2774",
         },
         {
            trust: 1.1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/27690",
         },
         {
            trust: 0.8,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3593",
         },
         {
            trust: 0.8,
            url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3593",
         },
         {
            trust: 0.6,
            url: "http://xforce.iss.net/xforce/xfdb/27690",
         },
         {
            trust: 0.6,
            url: "http://www.frsirt.com/english/advisories/2006/2774",
         },
         {
            trust: 0.4,
            url: "http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml",
         },
         {
            trust: 0.3,
            url: "http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/21030/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/secunia_security_advisories/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/hardcore_disassembler_and_reverse_engineer/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/product/11019/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/about_secunia_advisories/",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-19701",
         },
         {
            db: "BID",
            id: "18952",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2006-002753",
         },
         {
            db: "PACKETSTORM",
            id: "48213",
         },
         {
            db: "NVD",
            id: "CVE-2006-3593",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200607-251",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-19701",
         },
         {
            db: "BID",
            id: "18952",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2006-002753",
         },
         {
            db: "PACKETSTORM",
            id: "48213",
         },
         {
            db: "NVD",
            id: "CVE-2006-3593",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200607-251",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2006-07-18T00:00:00",
            db: "VULHUB",
            id: "VHN-19701",
         },
         {
            date: "2006-07-12T00:00:00",
            db: "BID",
            id: "18952",
         },
         {
            date: "2012-12-20T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2006-002753",
         },
         {
            date: "2006-07-13T17:58:07",
            db: "PACKETSTORM",
            id: "48213",
         },
         {
            date: "2006-07-18T15:37:00",
            db: "NVD",
            id: "CVE-2006-3593",
         },
         {
            date: "2006-07-18T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200607-251",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2017-07-20T00:00:00",
            db: "VULHUB",
            id: "VHN-19701",
         },
         {
            date: "2016-07-05T21:38:00",
            db: "BID",
            id: "18952",
         },
         {
            date: "2012-12-20T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2006-002753",
         },
         {
            date: "2017-07-20T01:32:25.617000",
            db: "NVD",
            id: "CVE-2006-3593",
         },
         {
            date: "2006-07-19T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200607-251",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200607-251",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "CUCM of  CLI Vulnerable to overwriting arbitrary files",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2006-002753",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "lack of information",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200607-251",
         },
      ],
      trust: 0.6,
   },
}

ghsa-v3vp-hcc4-xxfh

Vulnerability from github

Published

2022-05-01 07:10

Modified

2022-05-01 07:10

Details

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2006-3593",
   ],
   database_specific: {
      cwe_ids: [],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2006-07-18T15:37:00Z",
      severity: "MODERATE",
   },
   details: "The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704.",
   id: "GHSA-v3vp-hcc4-xxfh",
   modified: "2022-05-01T07:10:36Z",
   published: "2022-05-01T07:10:36Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2006-3593",
      },
      {
         type: "WEB",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/27690",
      },
      {
         type: "WEB",
         url: "http://secunia.com/advisories/21030",
      },
      {
         type: "WEB",
         url: "http://securitytracker.com/id?1016475",
      },
      {
         type: "WEB",
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00806e0b9f.shtml",
      },
      {
         type: "WEB",
         url: "http://www.osvdb.org/27161",
      },
      {
         type: "WEB",
         url: "http://www.securityfocus.com/bid/18952",
      },
      {
         type: "WEB",
         url: "http://www.vupen.com/english/advisories/2006/2774",
      },
   ],
   schema_version: "1.4.0",
   severity: [],
}

fkie_cve-2006-3593

Vulnerability from fkie_nvd

Published

2006-07-18 15:37

Modified

2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/21030	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1016475
cve@mitre.org	http://www.cisco.com/en/US/products/products_security_advisory09186a00806e0b9f.shtml
cve@mitre.org	http://www.osvdb.org/27161
cve@mitre.org	http://www.securityfocus.com/bid/18952
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2774
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27690
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21030	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016475
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a00806e0b9f.shtml
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/27161
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18952
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2774
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27690

Impacted products

Vendor	Product	Version
cisco	unified_callmanager	5.0\(1\)
cisco	unified_callmanager	5.0\(2\)
cisco	unified_callmanager	5.0\(3\)
cisco	unified_callmanager	5.0\(3a\)

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C5865997-F8B2-4ABB-96DF-3AE691A7CE5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E9211420-9F35-4872-879A-5F7CA29C6299",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "D7DD4B55-4C68-45CD-988E-D470C26E5E71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48C1B081-1FD7-4BBD-84BD-E1E5F80C74FE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704.",
      },
      {
         lang: "es",
         value: "La interfaz de linea de comando (CLI) en Cisco Unified CallManager (CUCM) 5.0(1) hasta la 5.0(3a) permite a usuarios locales sobrescribir  archivos de su elección a través de la redirección de comandos de salida a un archivo o carpeta, también conocida como fallo CSCse31704.",
      },
   ],
   evaluatorSolution: "Update to version 5.0(4) or later.\r\n",
   id: "CVE-2006-3593",
   lastModified: "2025-04-03T01:03:51.193",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2006-07-18T15:37:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/21030",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1016475",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00806e0b9f.shtml",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.osvdb.org/27161",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/18952",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2006/2774",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/27690",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/21030",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1016475",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00806e0b9f.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/27161",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/18952",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2006/2774",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/27690",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

gsd-2006-3593

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2006-3593

Aliases

CVE-2006-3593

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2006-3593",
      description: "The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704.",
      id: "GSD-2006-3593",
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2006-3593",
         ],
         details: "The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704.",
         id: "GSD-2006-3593",
         modified: "2023-12-13T01:19:57.653552Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "cve@mitre.org",
            ID: "CVE-2006-3593",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "n/a",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "n/a",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "n/a",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704.",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "n/a",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "1016475",
                  refsource: "SECTRACK",
                  url: "http://securitytracker.com/id?1016475",
               },
               {
                  name: "18952",
                  refsource: "BID",
                  url: "http://www.securityfocus.com/bid/18952",
               },
               {
                  name: "20060712 Multiple Cisco Unified CallManager Vulnerabilities",
                  refsource: "CISCO",
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00806e0b9f.shtml",
               },
               {
                  name: "ADV-2006-2774",
                  refsource: "VUPEN",
                  url: "http://www.vupen.com/english/advisories/2006/2774",
               },
               {
                  name: "27161",
                  refsource: "OSVDB",
                  url: "http://www.osvdb.org/27161",
               },
               {
                  name: "cisco-callmanager-cli-redirect(27690)",
                  refsource: "XF",
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/27690",
               },
               {
                  name: "21030",
                  refsource: "SECUNIA",
                  url: "http://secunia.com/advisories/21030",
               },
            ],
         },
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(3\\):*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(3a\\):*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(1\\):*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(2\\):*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2006-3593",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "NVD-CWE-Other",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20060712 Multiple Cisco Unified CallManager Vulnerabilities",
                     refsource: "CISCO",
                     tags: [],
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00806e0b9f.shtml",
                  },
                  {
                     name: "21030",
                     refsource: "SECUNIA",
                     tags: [
                        "Vendor Advisory",
                     ],
                     url: "http://secunia.com/advisories/21030",
                  },
                  {
                     name: "1016475",
                     refsource: "SECTRACK",
                     tags: [],
                     url: "http://securitytracker.com/id?1016475",
                  },
                  {
                     name: "27161",
                     refsource: "OSVDB",
                     tags: [],
                     url: "http://www.osvdb.org/27161",
                  },
                  {
                     name: "18952",
                     refsource: "BID",
                     tags: [],
                     url: "http://www.securityfocus.com/bid/18952",
                  },
                  {
                     name: "ADV-2006-2774",
                     refsource: "VUPEN",
                     tags: [],
                     url: "http://www.vupen.com/english/advisories/2006/2774",
                  },
                  {
                     name: "cisco-callmanager-cli-redirect(27690)",
                     refsource: "XF",
                     tags: [],
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/27690",
                  },
               ],
            },
         },
         impact: {
            baseMetricV2: {
               cvssV2: {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  availabilityImpact: "NONE",
                  baseScore: 4,
                  confidentialityImpact: "NONE",
                  integrityImpact: "PARTIAL",
                  vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                  version: "2.0",
               },
               exploitabilityScore: 8,
               impactScore: 2.9,
               obtainAllPrivilege: false,
               obtainOtherPrivilege: false,
               obtainUserPrivilege: false,
               severity: "MEDIUM",
               userInteractionRequired: false,
            },
         },
         lastModifiedDate: "2017-07-20T01:32Z",
         publishedDate: "2006-07-18T15:37Z",
      },
   },
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2006-3593 (GCVE-0-2006-3593)

Vulnerability from cvelistv5

var-200607-0354

Vulnerability from variot

ghsa-v3vp-hcc4-xxfh

Vulnerability from github

fkie_cve-2006-3593

Vulnerability from fkie_nvd

gsd-2006-3593

Vulnerability from gsd

Tags

Sightings

Nomenclature