ID

VAR-200607-0353


CVE

CVE-2006-3592


TITLE

CUCM CLI vulnerable to arbitrary command execution

Trust: 0.8

sources: JVNDB: JVNDB-2006-002752

DESCRIPTION

Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving "certain CLI commands," aka bug CSCse11005. Cisco Unified CallManager is susceptible to multiple remote vulnerabilities. These specific issues are identified:

- A local privilege-escalation vulnerability, documented as Cisco bug CSCse11005
- A local file-overwrite vulnerability, documented as Cisco bug CSCse31704
- A remote buffer-overflow vulnerability, documented as Cisco bug CSCsd96542

These issues allow local attackers to completely compromise affected devices, and remote attackers to execute arbitrary machine code in the context of the affected service. Cisco Unified CallManager is the software-based call-processing component of the Cisco IP telephony solution. The CallManager CLI provides an alternate management interface to the system for diagnosing and troubleshooting the primary HTTPS-based management interface. The vulnerabilities allow command output to be redirected to a file or folder specified on the command line. Cisco Unified CallManager supports both SCCP and SIP telephony, which allows migration to SIP while still protecting investments in existing equipment.

----------------------------------------------------------------------

TITLE: Cisco Unified CallManager Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA21030
VERIFY ADVISORY: http://secunia.com/advisories/21030/
CRITICAL: Highly critical
IMPACT: Privilege escalation, DoS, System access
WHERE: From remote
SOFTWARE: Cisco Unified CallManager 5.x http://secunia.com/product/11019/

DESCRIPTION: Some vulnerabilities have been reported in Cisco Unified CallManager, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

2) An unspecified error makes it possible for an authenticated administrator to overwrite arbitrary files or folders with output of CLI commands.

3) A boundary error within the processing of SIP requests can be exploited to cause a buffer overflow via an overly long hostname string in a malicious SIP request. Successful exploitation causes a DoS or allows execution of arbitrary code.

The vulnerabilities have been reported in versions 5.0(1), 5.0(2), 5.0(3), and 5.0(3a).

SOLUTION: Update to version 5.0(4) or later.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml

Trust: 2.16

sources: NVD: CVE-2006-3592 // JVNDB: JVNDB-2006-002752 // BID: 18952 // VULHUB: VHN-19700 // VULMON: CVE-2006-3592 // PACKETSTORM: 48213

AFFECTED PRODUCTS

vendor: cisco, model: unified callmanager, scope: eq, version: 5.0(1)

Trust: 1.6

vendor: cisco, model: unified callmanager, scope: eq, version: 5.0(2)

Trust: 1.6

vendor: cisco, model: unified callmanager, scope: eq, version: 5.0(3a)

Trust: 1.6

vendor: cisco, model: unified callmanager, scope: eq, version: 5.0(3)

Trust: 1.6

vendor: cisco, model: unified callmanager, scope: eq, version: 5.0(1) to 5.0(3a)

Trust: 0.8

vendor: cisco, model: unified callmanager 5.0, scope: -, version: -

Trust: 0.3

vendor: cisco, model: unified callmanager, scope: eq, version: 5.0(3)

Trust: 0.3

vendor: cisco, model: unified callmanager, scope: eq, version: 5.0(2)

Trust: 0.3

vendor: cisco, model: unified callmanager, scope: eq, version: 5.0(1)

Trust: 0.3

vendor: cisco, model: unified callmanager, scope: ne, version: 5.0(4)

Trust: 0.3

sources: BID: 18952 // JVNDB: JVNDB-2006-002752 // CNNVD: CNNVD-200607-226 // NVD: CVE-2006-3592

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-3592
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-3592
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200607-226
value: MEDIUM

Trust: 0.6

VULHUB: VHN-19700
value: MEDIUM

Trust: 0.1

VULMON: CVE-2006-3592
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-3592
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-19700
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-19700 // VULMON: CVE-2006-3592 // JVNDB: JVNDB-2006-002752 // CNNVD: CNNVD-200607-226 // NVD: CVE-2006-3592

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-3592

THREAT TYPE

local

Trust: 0.7

sources: PACKETSTORM: 48213 // CNNVD: CNNVD-200607-226

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200607-226

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-002752

PATCH

title: cisco-sa-20060712-cucm, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20060712-cucm

Trust: 0.8

title: -, url: https://github.com/CVEDB/PoC-List

Trust: 0.1

sources: VULMON: CVE-2006-3592 // JVNDB: JVNDB-2006-002752

EXTERNAL IDS

db: NVD, id: CVE-2006-3592

Trust: 2.9

db: BID, id: 18952

Trust: 2.1

db: SECUNIA, id: 21030

Trust: 1.9

db: SECTRACK, id: 1016475

Trust: 1.8

db: VUPEN, id: ADV-2006-2774

Trust: 1.8

db: OSVDB, id: 27160

Trust: 1.8

db: JVNDB, id: JVNDB-2006-002752

Trust: 0.8

db: CNNVD, id: CNNVD-200607-226

Trust: 0.7

db: CISCO, id: 20060712 MULTIPLE CISCO UNIFIED CALLMANAGER VULNERABILITIES

Trust: 0.6

db: XF, id: 27689

Trust: 0.6

db: VULHUB, id: VHN-19700

Trust: 0.1

db: VULMON, id: CVE-2006-3592

Trust: 0.1

db: PACKETSTORM, id: 48213

Trust: 0.1

sources: VULHUB: VHN-19700 // VULMON: CVE-2006-3592 // BID: 18952 // JVNDB: JVNDB-2006-002752 // PACKETSTORM: 48213 // CNNVD: CNNVD-200607-226 // NVD: CVE-2006-3592

REFERENCES

url:http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml

Trust: 2.2

url:http://www.securityfocus.com/bid/18952

Trust: 1.9

url:http://www.osvdb.org/27160

Trust: 1.8

url:http://securitytracker.com/id?1016475

Trust: 1.8

url:http://secunia.com/advisories/21030

Trust: 1.8

url:http://www.vupen.com/english/advisories/2006/2774

Trust: 1.2

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27689

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3592

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3592

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/27689

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/2774

Trust: 0.6

url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/cvedb/poc-list

Trust: 0.1

url:http://secunia.com/advisories/21030/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.1

url:http://secunia.com/product/11019/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-19700 // VULMON: CVE-2006-3592 // BID: 18952 // JVNDB: JVNDB-2006-002752 // PACKETSTORM: 48213 // CNNVD: CNNVD-200607-226 // NVD: CVE-2006-3592

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200607-226

SOURCES

db: VULHUB, id: VHN-19700
db: VULMON, id: CVE-2006-3592
db: BID, id: 18952
db: JVNDB, id: JVNDB-2006-002752
db: PACKETSTORM, id: 48213
db: CNNVD, id: CNNVD-200607-226
db: NVD, id: CVE-2006-3592

LAST UPDATE DATE

2024-08-14T13:50:44.482000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-19700, date: 2017-07-20T00:00:00
db: VULMON, id: CVE-2006-3592, date: 2017-07-20T00:00:00
db: BID, id: 18952, date: 2016-07-05T21:38:00
db: JVNDB, id: JVNDB-2006-002752, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200607-226, date: 2006-07-18T00:00:00
db: NVD, id: CVE-2006-3592, date: 2017-07-20T01:32:25.553

SOURCES RELEASE DATE

db: VULHUB, id: VHN-19700, date: 2006-07-18T00:00:00
db: VULMON, id: CVE-2006-3592, date: 2006-07-18T00:00:00
db: BID, id: 18952, date: 2006-07-12T00:00:00
db: JVNDB, id: JVNDB-2006-002752, date: 2012-12-20T00:00:00
db: PACKETSTORM, id: 48213, date: 2006-07-13T17:58:07
db: CNNVD, id: CNNVD-200607-226, date: 2006-07-18T00:00:00
db: NVD, id: CVE-2006-3592, date: 2006-07-18T15:37:00