cvelistv5 - cve-2007-5539

cve-2007-5539

Vulnerability from cvelistv5

Published

2007-10-18 00:00

Modified

2024-08-07 15:31

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/37938
cve@mitre.org	http://secunia.com/advisories/27214	Vendor Advisory
cve@mitre.org	http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda12.shtml
cve@mitre.org	http://www.securityfocus.com/bid/26106
cve@mitre.org	http://www.securitytracker.com/id?1018829
cve@mitre.org	http://www.vupen.com/english/advisories/2007/3533	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/37248
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/37938
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27214	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda12.shtml
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26106
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018829
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3533	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/37248

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:31:59.010Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20071017 Cisco Unified Communications Web-based Management Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda12.shtml"
          },
          {
            "name": "ADV-2007-3533",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3533"
          },
          {
            "name": "37938",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37938"
          },
          {
            "name": "cisco-webview-unauthorized-access(37248)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37248"
          },
          {
            "name": "1018829",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018829"
          },
          {
            "name": "27214",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27214"
          },
          {
            "name": "26106",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26106"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20071017 Cisco Unified Communications Web-based Management Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda12.shtml"
        },
        {
          "name": "ADV-2007-3533",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3533"
        },
        {
          "name": "37938",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37938"
        },
        {
          "name": "cisco-webview-unauthorized-access(37248)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37248"
        },
        {
          "name": "1018829",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018829"
        },
        {
          "name": "27214",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27214"
        },
        {
          "name": "26106",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26106"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5539",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20071017 Cisco Unified Communications Web-based Management Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda12.shtml"
            },
            {
              "name": "ADV-2007-3533",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3533"
            },
            {
              "name": "37938",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37938"
            },
            {
              "name": "cisco-webview-unauthorized-access(37248)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37248"
            },
            {
              "name": "1018829",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018829"
            },
            {
              "name": "27214",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27214"
            },
            {
              "name": "26106",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26106"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5539",
    "datePublished": "2007-10-18T00:00:00",
    "dateReserved": "2007-10-17T00:00:00",
    "dateUpdated": "2024-08-07T15:31:59.010Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C72EB4AF-531A-4EA3-A10E-4F8344C52F49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_contact_center_enterprise:7.1\\\\(5\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5AE16C9-6712-4964-B32E-3D5BE09B19ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_contact_center_hosted:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D98D843F-F954-4398-852B-9DBD76AD7EE6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_icm_hosted:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36F355CE-F84F-47ED-9D4A-BB67074F763C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_intelligent_contact_management_enterprise:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19D8C181-8AEA-4383-B2B0-CBB8F59115C3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad no especificada en Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH) y System Unified Contact Center Enterprise (SUCCE) versi\\u00f3n 7.1 (5), permite a usuarios autenticados remotos alcanzar privilegios y leer reportes o cambiar la configuraci\\u00f3n de SUCCE, por medio de ciertas interfaces web, tambi\\u00e9n se conoce como CSCsj55686.\"}]",
      "id": "CVE-2007-5539",
      "lastModified": "2024-11-21T00:38:08.357",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-10-18T00:17:00.000",
      "references": "[{\"url\": \"http://osvdb.org/37938\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/27214\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda12.shtml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/26106\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1018829\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3533\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/37248\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/37938\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/27214\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda12.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/26106\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1018829\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3533\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/37248\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-5539\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-10-18T00:17:00.000\",\"lastModified\":\"2024-11-21T00:38:08.357\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad no especificada en Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH) y System Unified Contact Center Enterprise (SUCCE) versi\u00f3n 7.1 (5), permite a usuarios autenticados remotos alcanzar privilegios y leer reportes o cambiar la configuraci\u00f3n de SUCCE, por medio de ciertas interfaces web, tambi\u00e9n se conoce como CSCsj55686.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C72EB4AF-531A-4EA3-A10E-4F8344C52F49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_enterprise:7.1\\\\(5\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5AE16C9-6712-4964-B32E-3D5BE09B19ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_hosted:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D98D843F-F954-4398-852B-9DBD76AD7EE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_icm_hosted:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36F355CE-F84F-47ED-9D4A-BB67074F763C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligent_contact_management_enterprise:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19D8C181-8AEA-4383-B2B0-CBB8F59115C3\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/37938\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27214\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda12.shtml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/26106\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1018829\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3533\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/37248\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/37938\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27214\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda12.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/26106\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018829\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3533\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/37248\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

cve-2007-5539

Vulnerability from fkie_nvd

Published

2007-10-18 00:17

Modified

2024-11-21 00:38

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/37938
cve@mitre.org	http://secunia.com/advisories/27214	Vendor Advisory
cve@mitre.org	http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda12.shtml
cve@mitre.org	http://www.securityfocus.com/bid/26106
cve@mitre.org	http://www.securitytracker.com/id?1018829
cve@mitre.org	http://www.vupen.com/english/advisories/2007/3533	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/37248
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/37938
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27214	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda12.shtml
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26106
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018829
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3533	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/37248

Impacted products

Vendor	Product	Version
cisco	unified_contact_center_enterprise	*
cisco	unified_contact_center_enterprise	7.1\(5\)
cisco	unified_contact_center_hosted	*
cisco	unified_icm_hosted	*
cisco	unified_intelligent_contact_management_enterprise	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C72EB4AF-531A-4EA3-A10E-4F8344C52F49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:7.1\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B5AE16C9-6712-4964-B32E-3D5BE09B19ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_hosted:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D98D843F-F954-4398-852B-9DBD76AD7EE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_icm_hosted:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "36F355CE-F84F-47ED-9D4A-BB67074F763C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligent_contact_management_enterprise:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19D8C181-8AEA-4383-B2B0-CBB8F59115C3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad no especificada en Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH) y System Unified Contact Center Enterprise (SUCCE) versi\u00f3n 7.1 (5), permite a usuarios autenticados remotos alcanzar privilegios y leer reportes o cambiar la configuraci\u00f3n de SUCCE, por medio de ciertas interfaces web, tambi\u00e9n se conoce como CSCsj55686."
    }
  ],
  "id": "CVE-2007-5539",
  "lastModified": "2024-11-21T00:38:08.357",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-18T00:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37938"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27214"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda12.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26106"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018829"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3533"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37248"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda12.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018829"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37248"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2007-5539

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-5539

Aliases

CVE-2007-5539

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-5539",
    "description": "Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686.",
    "id": "GSD-2007-5539"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-5539"
      ],
      "details": "Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686.",
      "id": "GSD-2007-5539",
      "modified": "2023-12-13T01:21:40.764366Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-5539",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20071017 Cisco Unified Communications Web-based Management Vulnerability",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda12.shtml"
          },
          {
            "name": "ADV-2007-3533",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3533"
          },
          {
            "name": "37938",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/37938"
          },
          {
            "name": "cisco-webview-unauthorized-access(37248)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37248"
          },
          {
            "name": "1018829",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018829"
          },
          {
            "name": "27214",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27214"
          },
          {
            "name": "26106",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26106"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_icm_hosted:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_intelligent_contact_management_enterprise:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:7.1\\(5\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_hosted:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5539"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20071017 Cisco Unified Communications Web-based Management Vulnerability",
              "refsource": "CISCO",
              "tags": [],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda12.shtml"
            },
            {
              "name": "26106",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/26106"
            },
            {
              "name": "1018829",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018829"
            },
            {
              "name": "27214",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27214"
            },
            {
              "name": "37938",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/37938"
            },
            {
              "name": "ADV-2007-3533",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3533"
            },
            {
              "name": "cisco-webview-unauthorized-access(37248)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37248"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-29T01:33Z",
      "publishedDate": "2007-10-18T00:17Z"
    }
  }
}

Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686. Cisco Unified Communications Management Applications are prone to a privilege-escalation vulnerability. Attackers can exploit this issue to gain unauthorized access to the web-based reporting and script-monitoring tool and the web-based configuration tool. Attackers can gain access to potentially sensitive information and change the application configuration (including application rights). Information harvested may aid in further attacks. Vulnerabilities in the Cisco Unified ICME, Unified ICMH, UCCE, UCCH, and SUCCE Web Administration components in CUCM products allow users defined in any Windows Active Directory domain to gain unauthorized privilege levels, which allows Windows Active Directory users to view arbitrary calls Central Web View report information.

Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.

The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,700 different Windows applications.

The vulnerability is caused due to an unspecified error and can be exploited by Windows Active Directory users to e.g. http://tools.cisco.com/support/downloads/go/MDFTree.x?butype=cc

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

CHANGELOG: 2007-10-18: Added CVE reference.

ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20071017-IPCC.shtml

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200710-0498",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.1\\(5\\)"
      },
      {
        "model": "unified contact center enterprise",
        "scope": null,
        "trust": 1.4,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified contact center hosted",
        "scope": null,
        "trust": 1.4,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified icm hosted",
        "scope": null,
        "trust": 1.4,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": null,
        "trust": 1.4,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified icm hosted",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "unified contact center hosted",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "unified icm hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1(5)"
      },
      {
        "model": "unified icm enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1(5)"
      },
      {
        "model": "unified contact center hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1(5)"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1(5)"
      },
      {
        "model": "system unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1(5)"
      },
      {
        "model": "unified icm hosted icm7.1 es46",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified icm enterprise icm7.1 es46",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified icm enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2(3)"
      },
      {
        "model": "unified contact center hosted icm7.1 es46",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified contact center hosted",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2(3)"
      },
      {
        "model": "unified contact center enterprise icm7.1 es46",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2(3)"
      },
      {
        "model": "system unified contact center enterprise icm7.1 es46",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "26106"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002795"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-322"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_icm_hosted:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_intelligent_contact_management_enterprise:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:7.1\\(5\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_hosted:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-5539"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Security bulletin",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-322"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-5539",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2007-5539",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "VHN-28901",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-5539",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200710-322",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-28901",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28901"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002795"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-322"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686. Cisco Unified Communications Management Applications are prone to a privilege-escalation vulnerability. \nAttackers can exploit this issue to gain unauthorized access to the web-based reporting and script-monitoring tool and the web-based configuration tool. \nAttackers can gain access to potentially sensitive information and change the application configuration (including application rights). Information harvested may aid in further attacks. Vulnerabilities in the Cisco Unified ICME, Unified ICMH, UCCE, UCCH, and SUCCE Web Administration components in CUCM products allow users defined in any Windows Active Directory domain to gain unauthorized privilege levels, which allows Windows Active Directory users to view arbitrary calls Central Web View report information. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,700 different Windows applications. \n\nThe vulnerability is caused due to an unspecified error and can be\nexploited by Windows Active Directory users to e.g. \nhttp://tools.cisco.com/support/downloads/go/MDFTree.x?butype=cc\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nCHANGELOG:\n2007-10-18: Added CVE reference. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20071017-IPCC.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-5539"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002795"
      },
      {
        "db": "BID",
        "id": "26106"
      },
      {
        "db": "VULHUB",
        "id": "VHN-28901"
      },
      {
        "db": "PACKETSTORM",
        "id": "60215"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-5539",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "26106",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "27214",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-3533",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1018829",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "37938",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002795",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "37248",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20071017 CISCO UNIFIED COMMUNICATIONS WEB-BASED MANAGEMENT VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-322",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-28901",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "60215",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28901"
      },
      {
        "db": "BID",
        "id": "26106"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002795"
      },
      {
        "db": "PACKETSTORM",
        "id": "60215"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-322"
      }
    ]
  },
  "id": "VAR-200710-0498",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28901"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:12:23.803000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20071017-IPCC",
        "trust": 0.8,
        "url": "http://www.cisco.com/en/us/products/csa/cisco-sa-20071017-ipcc.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002795"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-5539"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/26106"
      },
      {
        "trust": 1.7,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a00808dda12.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/37938"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1018829"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/27214"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/3533"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37248"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5539"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5539"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/37248"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/3533"
      },
      {
        "trust": 0.4,
        "url": "http://tools.cisco.com/support/downloads/go/mdftree.x?butype=cc"
      },
      {
        "trust": 0.4,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20071017-ipcc.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/netsol/ns340/ns394/ns165/ns45/netbr0900aecd8043fee4.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/482434"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/16168/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/network_software_inspector/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/27214/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/16166/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13207/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/16167/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13202/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28901"
      },
      {
        "db": "BID",
        "id": "26106"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002795"
      },
      {
        "db": "PACKETSTORM",
        "id": "60215"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-322"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-28901"
      },
      {
        "db": "BID",
        "id": "26106"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002795"
      },
      {
        "db": "PACKETSTORM",
        "id": "60215"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-322"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-10-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-28901"
      },
      {
        "date": "2007-10-17T00:00:00",
        "db": "BID",
        "id": "26106"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002795"
      },
      {
        "date": "2007-10-19T15:32:30",
        "db": "PACKETSTORM",
        "id": "60215"
      },
      {
        "date": "2007-10-18T00:17:00",
        "db": "NVD",
        "id": "CVE-2007-5539"
      },
      {
        "date": "2007-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200710-322"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-28901"
      },
      {
        "date": "2007-10-31T19:36:00",
        "db": "BID",
        "id": "26106"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002795"
      },
      {
        "date": "2017-07-29T01:33:43.520000",
        "db": "NVD",
        "id": "CVE-2007-5539"
      },
      {
        "date": "2007-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200710-322"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-322"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified ICME Vulnerabilities in which permission is acquired",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002795"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access verification error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-322"
      }
    ],
    "trust": 0.6
  }
}

ghsa-894g-q9r7-4xv9

Vulnerability from github

Published

2022-05-01 18:34

Modified

2022-05-01 18:34

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-5539"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-10-18T00:17:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686.",
  "id": "GHSA-894g-q9r7-4xv9",
  "modified": "2022-05-01T18:34:28Z",
  "published": "2022-05-01T18:34:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5539"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37248"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/37938"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27214"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda12.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26106"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018829"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/3533"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2007-5539

Vulnerability from cvelistv5

cve-2007-5539

Vulnerability from fkie_nvd

gsd-2007-5539

Vulnerability from gsd

var-200710-0498

Vulnerability from variot

ghsa-894g-q9r7-4xv9

Vulnerability from github

Tags

Sightings

Nomenclature