Details of VAR-200607-0354

ID

VAR-200607-0354

CVE

CVE-2006-3593

TITLE

CUCM of CLI Vulnerable to overwriting arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2006-002753

DESCRIPTION

The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704. Cisco Unified CallManager is susceptible to multiple remote vulnerabilities. These specific issues are identified: - A local privilege-escalation vulnerability, documented as Cisco bug CSCse11005 - A local file-overwrite vulnerability, documented as Cisco bug CSCse31704 - A remote buffer-overflow vulnerability, documented as Cisco bug CSCsd96542 These issues allow local attackers to completely compromise affected devices, and remote attackers to execute arbitrary machine code in the context of the affected service. Cisco Unified CallManager is the software-based call-processing component of the Cisco IP telephony solution. The CallManager CLI provides an alternate management interface to the system for diagnosing and troubleshooting the primary HTTPS-based management interface. Cisco Unified CallManager supports both SCCP and SIP telephony, which allows migration to SIP while still protecting investments in existing equipment. ---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package. http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Cisco Unified CallManager Multiple Vulnerabilities SECUNIA ADVISORY ID: SA21030 VERIFY ADVISORY: http://secunia.com/advisories/21030/ CRITICAL: Highly critical IMPACT: Privilege escalation, DoS, System access WHERE: >From remote SOFTWARE: Cisco Unified CallManager 5.x http://secunia.com/product/11019/ DESCRIPTION: Some vulnerabilities have been reported in Cisco Unified CallManager, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. 1) Errors in various CLI commands can be exploited by an authenticated administrator to break out of the CLI environment and execute arbitrary Linux commands with root privileges. 3) A boundary error within the processing of SIP requests can be exploited to cause a buffer overflow via an overly long hostname string in a malicious SIP request. Successful exploitation causes a DoS or allows execution of arbitrary code. The vulnerabilities have been reported in versions 5.0(1), 5.0(2), 5.0(3), and 5.0(3a). SOLUTION: Update to version 5.0(4) or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-3593 // JVNDB: JVNDB-2006-002753 // BID: 18952 // VULHUB: VHN-19701 // PACKETSTORM: 48213

AFFECTED PRODUCTS

vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0\(1\)	Trust: 1.6
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0\(2\)	Trust: 1.6
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0\(3a\)	Trust: 1.6
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0\(3\)	Trust: 1.6
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0(1) to 5.0(3a)	Trust: 0.8
vendor:	cisco	model:	unified callmanager 5.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0(3)	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0(2)	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0(1)	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	ne	version:	5.0(4)	Trust: 0.3

sources: BID: 18952 // JVNDB: JVNDB-2006-002753 // CNNVD: CNNVD-200607-251 // NVD: CVE-2006-3593

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-3593
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2006-3593
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200607-251
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-19701
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-3593
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-19701
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-19701 // JVNDB: JVNDB-2006-002753 // CNNVD: CNNVD-200607-251 // NVD: CVE-2006-3593

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-3593

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200607-251

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200607-251

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-002753

PATCH

title:

cisco-sa-20060712-cucm

url:

http://www.cisco.com/en/US/products/csa/cisco-sa-20060712-cucm.html

Trust: 0.8

sources: JVNDB: JVNDB-2006-002753

EXTERNAL IDS

db:	NVD	id:	CVE-2006-3593	Trust: 2.8
db:	BID	id:	18952	Trust: 2.0
db:	SECUNIA	id:	21030	Trust: 1.8
db:	SECTRACK	id:	1016475	Trust: 1.7
db:	VUPEN	id:	ADV-2006-2774	Trust: 1.7
db:	OSVDB	id:	27161	Trust: 1.7
db:	JVNDB	id:	JVNDB-2006-002753	Trust: 0.8
db:	CNNVD	id:	CNNVD-200607-251	Trust: 0.7
db:	CISCO	id:	20060712 MULTIPLE CISCO UNIFIED CALLMANAGER VULNERABILITIES	Trust: 0.6
db:	XF	id:	27690	Trust: 0.6
db:	VULHUB	id:	VHN-19701	Trust: 0.1
db:	PACKETSTORM	id:	48213	Trust: 0.1

sources: VULHUB: VHN-19701 // BID: 18952 // JVNDB: JVNDB-2006-002753 // PACKETSTORM: 48213 // CNNVD: CNNVD-200607-251 // NVD: CVE-2006-3593

REFERENCES

url:	http://www.securityfocus.com/bid/18952	Trust: 1.7
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a00806e0b9f.shtml	Trust: 1.7
url:	http://www.osvdb.org/27161	Trust: 1.7
url:	http://securitytracker.com/id?1016475	Trust: 1.7
url:	http://secunia.com/advisories/21030	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2006/2774	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/27690	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3593	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3593	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/27690	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/2774	Trust: 0.6
url:	http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml	Trust: 0.4
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html	Trust: 0.3
url:	http://secunia.com/advisories/21030/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/hardcore_disassembler_and_reverse_engineer/	Trust: 0.1
url:	http://secunia.com/product/11019/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-19701 // BID: 18952 // JVNDB: JVNDB-2006-002753 // PACKETSTORM: 48213 // CNNVD: CNNVD-200607-251 // NVD: CVE-2006-3593

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200607-251

SOURCES

db:	VULHUB	id:	VHN-19701
db:	BID	id:	18952
db:	JVNDB	id:	JVNDB-2006-002753
db:	PACKETSTORM	id:	48213
db:	CNNVD	id:	CNNVD-200607-251
db:	NVD	id:	CVE-2006-3593

LAST UPDATE DATE

2024-08-14T13:50:44.444000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-19701	date:	2017-07-20T00:00:00
db:	BID	id:	18952	date:	2016-07-05T21:38:00
db:	JVNDB	id:	JVNDB-2006-002753	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200607-251	date:	2006-07-19T00:00:00
db:	NVD	id:	CVE-2006-3593	date:	2017-07-20T01:32:25.617

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-19701	date:	2006-07-18T00:00:00
db:	BID	id:	18952	date:	2006-07-12T00:00:00
db:	JVNDB	id:	JVNDB-2006-002753	date:	2012-12-20T00:00:00
db:	PACKETSTORM	id:	48213	date:	2006-07-13T17:58:07
db:	CNNVD	id:	CNNVD-200607-251	date:	2006-07-18T00:00:00
db:	NVD	id:	CVE-2006-3593	date:	2006-07-18T15:37:00