cvelistv5 - cve-2007-5538

CVE-2007-5538 (GCVE-0-2007-5538)

Vulnerability from cvelistv5 – Published: 2007-10-18 00:00 – Updated: 2024-08-07 15:31

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/26105	vdb-entryx_refsource_BID
	http://osvdb.org/37940	vdb-entryx_refsource_OSVDB
	http://www.vupen.com/english/advisories/2007/3532	vdb-entryx_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.cisco.com/en/US/products/products_secu…	vendor-advisoryx_refsource_CISCO
	http://www.securitytracker.com/id?1018828	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/27296	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:31:59.183Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "26105",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26105"
          },
          {
            "name": "37940",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37940"
          },
          {
            "name": "ADV-2007-3532",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3532"
          },
          {
            "name": "cucm-tftp-filename-bo(37247)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37247"
          },
          {
            "name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
          },
          {
            "name": "1018828",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018828"
          },
          {
            "name": "27296",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27296"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "26105",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26105"
        },
        {
          "name": "37940",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37940"
        },
        {
          "name": "ADV-2007-3532",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3532"
        },
        {
          "name": "cucm-tftp-filename-bo(37247)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37247"
        },
        {
          "name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
        },
        {
          "name": "1018828",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018828"
        },
        {
          "name": "27296",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27296"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5538",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "26105",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26105"
            },
            {
              "name": "37940",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37940"
            },
            {
              "name": "ADV-2007-3532",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3532"
            },
            {
              "name": "cucm-tftp-filename-bo(37247)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37247"
            },
            {
              "name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
            },
            {
              "name": "1018828",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018828"
            },
            {
              "name": "27296",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27296"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5538",
    "datePublished": "2007-10-18T00:00:00",
    "dateReserved": "2007-10-17T00:00:00",
    "dateUpdated": "2024-08-07T15:31:59.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37FEF567-5F92-40BB-8581-3FCF584AAA1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.1\\\\(2\\\\)\", \"matchCriteriaId\": \"C144784A-941D-4919-9E21-1E2AD2738A08\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer en Centralized TFTP File Locator Service de Cisco Unified Communications Manager (CUCM, antes conocido como CallManager) 5.1 anterior a 5.1(3), y Unified CallManager 5.0, permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n o provocar una denegaci\\u00f3n de servicio mediante vectores no especificados que implican el procesamiento de nombres de fichero, tambi\\u00e9n conocido como CSCsh47712.\"}]",
      "id": "CVE-2007-5538",
      "lastModified": "2024-11-21T00:38:08.203",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-10-18T00:17:00.000",
      "references": "[{\"url\": \"http://osvdb.org/37940\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/27296\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/26105\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1018828\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3532\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/37247\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/37940\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/27296\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/26105\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1018828\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3532\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/37247\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-5538\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-10-18T00:17:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer en Centralized TFTP File Locator Service de Cisco Unified Communications Manager (CUCM, antes conocido como CallManager) 5.1 anterior a 5.1(3), y Unified CallManager 5.0, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio mediante vectores no especificados que implican el procesamiento de nombres de fichero, tambi\u00e9n conocido como CSCsh47712.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37FEF567-5F92-40BB-8581-3FCF584AAA1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.1\\\\(2\\\\)\",\"matchCriteriaId\":\"C144784A-941D-4919-9E21-1E2AD2738A08\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/37940\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27296\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/26105\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1018828\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3532\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/37247\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/37940\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27296\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/26105\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018828\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3532\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/37247\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2007-5538

Vulnerability from fkie_nvd - Published: 2007-10-18 00:17 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://osvdb.org/37940
	cve@mitre.org	http://secunia.com/advisories/27296
	cve@mitre.org	http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml
	cve@mitre.org	http://www.securityfocus.com/bid/26105
	cve@mitre.org	http://www.securitytracker.com/id?1018828
	cve@mitre.org	http://www.vupen.com/english/advisories/2007/3532
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/37247
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/37940
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27296
	af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26105
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018828
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3532
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/37247

Impacted products

	Vendor	Product	Version
	cisco	unified_callmanager	5.0
	cisco	unified_communications_manager	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37FEF567-5F92-40BB-8581-3FCF584AAA1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C144784A-941D-4919-9E21-1E2AD2738A08",
              "versionEndIncluding": "5.1\\(2\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en Centralized TFTP File Locator Service de Cisco Unified Communications Manager (CUCM, antes conocido como CallManager) 5.1 anterior a 5.1(3), y Unified CallManager 5.0, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio mediante vectores no especificados que implican el procesamiento de nombres de fichero, tambi\u00e9n conocido como CSCsh47712."
    }
  ],
  "id": "CVE-2007-5538",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-18T00:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37940"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27296"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26105"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018828"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3532"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37940"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018828"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37247"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-200710-0497

Vulnerability from variot - Updated: 2023-12-18 12:39

Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712. Cisco Unified Communications Manager is prone to a denial-of-service vulnerability and a buffer-overflow vulnerability. Successfully exploiting these issues allows remote attackers to crash affected devices by triggering kernel panics or to execute arbitrary machine code. These issues facilitate the complete remote compromise of affected devices. Versions of Cisco Unified Communications Manager in the 5 and 6 series prior to 6.0(1) are affected by these issues

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200710-0497",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified callmanager",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "unified communications manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.1\\(2\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "5.1(3)"
      },
      {
        "model": "unified communications manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "6.0"
      },
      {
        "model": "unified communications manager 5.1",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5.1\\(2\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1(2)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1(1)"
      },
      {
        "model": "unified callmanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "unified callmanager 5.0 su1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified callmanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(4)"
      },
      {
        "model": "unified callmanager 5.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified callmanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(3)"
      },
      {
        "model": "unified callmanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(2)"
      },
      {
        "model": "unified callmanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(1)"
      },
      {
        "model": "unified communications manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(1)"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "26105"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002794"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5538"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-334"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.1\\(2\\)",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-5538"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Security bulletin",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-334"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-5538",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2007-5538",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-28900",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-5538",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200710-334",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-28900",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28900"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002794"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5538"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-334"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712. Cisco Unified Communications Manager is prone to a denial-of-service vulnerability and a buffer-overflow vulnerability. \nSuccessfully exploiting these issues allows remote attackers to crash affected devices by triggering kernel panics or to execute arbitrary machine code. These issues facilitate the complete remote compromise of affected devices. \nVersions of Cisco Unified Communications Manager in the 5 and 6 series prior to 6.0(1) are affected by these issues",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-5538"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002794"
      },
      {
        "db": "BID",
        "id": "26105"
      },
      {
        "db": "VULHUB",
        "id": "VHN-28900"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-5538",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "26105",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "27296",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-3532",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1018828",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "37940",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002794",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "37247",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20071017 CISCO UNIFIED COMMUNICATIONS MANAGER DENIAL OF SERVICE VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-334",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-28900",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28900"
      },
      {
        "db": "BID",
        "id": "26105"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002794"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5538"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-334"
      }
    ]
  },
  "id": "VAR-200710-0497",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28900"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:39:43.864000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20071017-cucm",
        "trust": 0.8,
        "url": "http://www.cisco.com/en/us/products/csa/cisco-sa-20071017-cucm.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002794"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28900"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002794"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5538"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/26105"
      },
      {
        "trust": 1.7,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a00808dda34.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/37940"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1018828"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/27296"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/3532"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37247"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5538"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5538"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/37247"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/3532"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/sw/voicesw/ps556/"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20071017-cucm.shtml"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28900"
      },
      {
        "db": "BID",
        "id": "26105"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002794"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5538"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-334"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-28900"
      },
      {
        "db": "BID",
        "id": "26105"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002794"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5538"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-334"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-10-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-28900"
      },
      {
        "date": "2007-10-17T00:00:00",
        "db": "BID",
        "id": "26105"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002794"
      },
      {
        "date": "2007-10-18T00:17:00",
        "db": "NVD",
        "id": "CVE-2007-5538"
      },
      {
        "date": "2007-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200710-334"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-28900"
      },
      {
        "date": "2007-10-31T19:36:00",
        "db": "BID",
        "id": "26105"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002794"
      },
      {
        "date": "2017-07-29T01:33:43.457000",
        "db": "NVD",
        "id": "CVE-2007-5538"
      },
      {
        "date": "2007-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200710-334"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-334"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CUCM of  Centralized TFTP File Locator Service Vulnerable to buffer overflow",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002794"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-334"
      }
    ],
    "trust": 0.6
  }
}

CERTA-2007-AVI-447

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs correctifs pour de multiples vulnérabilités touchant des produits Cisco ont été mis en ligne.

Description

Plusieurs vulnérabilités permettant entre autre des dénis de service et le contournement des politiques de sécurité sont corrigés dans les correctifs mis en ligne par Cisco.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les logiciels suivants nécessitent l'application du correctif ICM7.1(5)_ES46 :
- Cisco Unified Intelligent Contact Management Enterprise ;
- Cisco Unified ICM Hosted ;
- Cisco Unified Contact Center Enterprise ;
- Cisco Unified Contact center Hosted ;
- Cisco Unified CallManager ;
- Cisco System Unified Contact Enterprise.
Les boitiers Cisco PIX et ASA, avec les versions logicielles 7.0, 7.1, 7.2 et 8.0 sont vulnérables et nécéssitent l'installation du correctif ;
Les logiciels Cisco Unified CallManager 5.0 and Communications Manager 5.1 sont vulnérables, et nécessitent l'installation de la version 6.0 ;
Le module Cisco Firewall Services (version antérieure à la 3.2) est vulnérable et nécessite l'installation de la mise à jour.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité de Cisco 97836, 98612, 98711 et 98833 du 17 octobre 2007	None	vendor-advisory
Bulletin de sécurité Cisco ID 98833 du 17 octobre 2007 :	-	other
Bulletin de sécurité Cisco ID 98711 du 17 octobre 2007 :	-	other
Bulletin de sécurité Cisco ID 98612 du 17 octobre 2007 :	-	other
Bulletin de sécurité Cisco ID 97836 du 17 octobre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eLes logiciels suivants n\u00e9cessitent l\u0027application du    correctif ICM7.1(5)_ES46 :      \u003cUL\u003e        \u003cLI\u003eCisco Unified Intelligent Contact Management Enterprise        ;\u003c/LI\u003e        \u003cLI\u003eCisco Unified ICM Hosted ;\u003c/LI\u003e        \u003cLI\u003eCisco Unified Contact Center Enterprise ;\u003c/LI\u003e        \u003cLI\u003eCisco Unified Contact center Hosted ;\u003c/LI\u003e        \u003cLI\u003eCisco Unified CallManager ;\u003c/LI\u003e        \u003cLI\u003eCisco System Unified Contact Enterprise.\u003c/LI\u003e      \u003c/UL\u003e    \u003c/LI\u003e    \u003cLI\u003eLes boitiers Cisco PIX et ASA, avec les versions    logicielles 7.0, 7.1, 7.2 et 8.0 sont vuln\u00e9rables et    n\u00e9c\u00e9ssitent l\u0027installation du correctif ;\u003c/LI\u003e    \u003cLI\u003eLes logiciels Cisco Unified CallManager 5.0 and    Communications Manager 5.1 sont vuln\u00e9rables, et n\u00e9cessitent    l\u0027installation de la version 6.0 ;\u003c/LI\u003e    \u003cLI\u003eLe module Cisco Firewall Services (version ant\u00e9rieure \u00e0 la    3.2) est vuln\u00e9rable et n\u00e9cessite l\u0027installation de la mise \u00e0    jour.\u003c/LI\u003e  \u003c/UL\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s permettant entre autre des d\u00e9nis de service et\nle contournement des politiques de s\u00e9curit\u00e9 sont corrig\u00e9s dans les\ncorrectifs mis en ligne par Cisco.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5539"
    },
    {
      "name": "CVE-2007-5537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5537"
    },
    {
      "name": "CVE-2007-5538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5538"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 98833 du 17 octobre 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20071017-cucm.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 98711 du 17 octobre 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20071017-asa.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 98612 du 17 octobre 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20071017-fwsm.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 97836 du 17 octobre 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20071017-IPCC.shtml"
    }
  ],
  "reference": "CERTA-2007-AVI-447",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-10-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs correctifs pour de multiples vuln\u00e9rabilit\u00e9s touchant des\nproduits Cisco ont \u00e9t\u00e9 mis en ligne.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans des produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 de Cisco 97836, 98612, 98711 et 98833 du 17 octobre 2007",
      "url": null
    }
  ]
}

CERTA-2007-AVI-447

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs correctifs pour de multiples vulnérabilités touchant des produits Cisco ont été mis en ligne.

Description

Plusieurs vulnérabilités permettant entre autre des dénis de service et le contournement des politiques de sécurité sont corrigés dans les correctifs mis en ligne par Cisco.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les logiciels suivants nécessitent l'application du correctif ICM7.1(5)_ES46 :
- Cisco Unified Intelligent Contact Management Enterprise ;
- Cisco Unified ICM Hosted ;
- Cisco Unified Contact Center Enterprise ;
- Cisco Unified Contact center Hosted ;
- Cisco Unified CallManager ;
- Cisco System Unified Contact Enterprise.
Les boitiers Cisco PIX et ASA, avec les versions logicielles 7.0, 7.1, 7.2 et 8.0 sont vulnérables et nécéssitent l'installation du correctif ;
Les logiciels Cisco Unified CallManager 5.0 and Communications Manager 5.1 sont vulnérables, et nécessitent l'installation de la version 6.0 ;
Le module Cisco Firewall Services (version antérieure à la 3.2) est vulnérable et nécessite l'installation de la mise à jour.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité de Cisco 97836, 98612, 98711 et 98833 du 17 octobre 2007	None	vendor-advisory
Bulletin de sécurité Cisco ID 98833 du 17 octobre 2007 :	-	other
Bulletin de sécurité Cisco ID 98711 du 17 octobre 2007 :	-	other
Bulletin de sécurité Cisco ID 98612 du 17 octobre 2007 :	-	other
Bulletin de sécurité Cisco ID 97836 du 17 octobre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eLes logiciels suivants n\u00e9cessitent l\u0027application du    correctif ICM7.1(5)_ES46 :      \u003cUL\u003e        \u003cLI\u003eCisco Unified Intelligent Contact Management Enterprise        ;\u003c/LI\u003e        \u003cLI\u003eCisco Unified ICM Hosted ;\u003c/LI\u003e        \u003cLI\u003eCisco Unified Contact Center Enterprise ;\u003c/LI\u003e        \u003cLI\u003eCisco Unified Contact center Hosted ;\u003c/LI\u003e        \u003cLI\u003eCisco Unified CallManager ;\u003c/LI\u003e        \u003cLI\u003eCisco System Unified Contact Enterprise.\u003c/LI\u003e      \u003c/UL\u003e    \u003c/LI\u003e    \u003cLI\u003eLes boitiers Cisco PIX et ASA, avec les versions    logicielles 7.0, 7.1, 7.2 et 8.0 sont vuln\u00e9rables et    n\u00e9c\u00e9ssitent l\u0027installation du correctif ;\u003c/LI\u003e    \u003cLI\u003eLes logiciels Cisco Unified CallManager 5.0 and    Communications Manager 5.1 sont vuln\u00e9rables, et n\u00e9cessitent    l\u0027installation de la version 6.0 ;\u003c/LI\u003e    \u003cLI\u003eLe module Cisco Firewall Services (version ant\u00e9rieure \u00e0 la    3.2) est vuln\u00e9rable et n\u00e9cessite l\u0027installation de la mise \u00e0    jour.\u003c/LI\u003e  \u003c/UL\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s permettant entre autre des d\u00e9nis de service et\nle contournement des politiques de s\u00e9curit\u00e9 sont corrig\u00e9s dans les\ncorrectifs mis en ligne par Cisco.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5539"
    },
    {
      "name": "CVE-2007-5537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5537"
    },
    {
      "name": "CVE-2007-5538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5538"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 98833 du 17 octobre 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20071017-cucm.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 98711 du 17 octobre 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20071017-asa.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 98612 du 17 octobre 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20071017-fwsm.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 97836 du 17 octobre 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20071017-IPCC.shtml"
    }
  ],
  "reference": "CERTA-2007-AVI-447",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-10-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs correctifs pour de multiples vuln\u00e9rabilit\u00e9s touchant des\nproduits Cisco ont \u00e9t\u00e9 mis en ligne.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans des produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 de Cisco 97836, 98612, 98711 et 98833 du 17 octobre 2007",
      "url": null
    }
  ]
}

GHSA-76F8-93VW-4MCH

Vulnerability from github – Published: 2022-05-01 18:34 – Updated: 2022-05-01 18:34

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-5538"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-10-18T00:17:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712.",
  "id": "GHSA-76f8-93vw-4mch",
  "modified": "2022-05-01T18:34:28Z",
  "published": "2022-05-01T18:34:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5538"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37247"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/37940"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27296"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26105"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018828"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/3532"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-5538

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-5538

Aliases

CVE-2007-5538

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-5538",
    "description": "Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712.",
    "id": "GSD-2007-5538"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-5538"
      ],
      "details": "Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712.",
      "id": "GSD-2007-5538",
      "modified": "2023-12-13T01:21:40.705940Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-5538",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "26105",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26105"
          },
          {
            "name": "37940",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/37940"
          },
          {
            "name": "ADV-2007-3532",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3532"
          },
          {
            "name": "cucm-tftp-filename-bo(37247)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37247"
          },
          {
            "name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
          },
          {
            "name": "1018828",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018828"
          },
          {
            "name": "27296",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27296"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.1\\(2\\)",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5538"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "tags": [],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml"
            },
            {
              "name": "26105",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/26105"
            },
            {
              "name": "1018828",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018828"
            },
            {
              "name": "27296",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/27296"
            },
            {
              "name": "37940",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/37940"
            },
            {
              "name": "ADV-2007-3532",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/3532"
            },
            {
              "name": "cucm-tftp-filename-bo(37247)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37247"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-29T01:33Z",
      "publishedDate": "2007-10-18T00:17Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-5538 (GCVE-0-2007-5538)

FKIE_CVE-2007-5538

VAR-200710-0497

CERTA-2007-AVI-447

Description

Solution

CERTA-2007-AVI-447

Description

Solution

GHSA-76F8-93VW-4MCH

GSD-2007-5538

Tags

Sightings

Nomenclature