Details of VAR-200707-0301

ID

VAR-200707-0301

CVE

CVE-2007-3775

TITLE

CUCM Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-002347

DESCRIPTION

Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985. To exploit this issue, an attacker must have administrative access. Attackers may exploit these issues to gain access to sensitive information or to cause denial-of-service conditions. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. The vulnerabilities are caused due to unspecified errors and can be exploited by an unauthorized administrator to e.g. activate and terminate system services or to view SNMP configuration information in a CUCM/CUPS cluster environment. CUCM 5.0/5.1: Update to CUCM 5.1(2a) - http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-51?psrtdcat20e2 CUPS 1.0: Upgrade to CUPS 6.0(1) - http://www.cisco.com/pcgi-bin/tablebuild.pl/cups-60?psrtdcat20e2 Version 1.0 is reportedly discontinued. The vendor recommends users to upgrade to version 6. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-3775 // JVNDB: JVNDB-2007-002347 // BID: 24867 // VULHUB: VHN-27137 // PACKETSTORM: 57688

AFFECTED PRODUCTS

vendor:	cisco	model:	unified presence server	scope:	eq	version:	1.0	Trust: 1.9
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(1\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(2\)	Trust: 1.6
vendor:	cisco	model:	unified presence server	scope:	eq	version:	1.0\(2\)	Trust: 1.6
vendor:	cisco	model:	unified presence server	scope:	eq	version:	1.0\(3\)	Trust: 1.6
vendor:	cisco	model:	unified presence server	scope:	eq	version:	1.0\(1\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.0	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified presence server	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified presence server	scope:	eq	version:	1.0(3)	Trust: 0.3
vendor:	cisco	model:	unified presence server	scope:	eq	version:	1.0(2)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1(1)	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0	Trust: 0.3
vendor:	cisco	model:	unified presence server	scope:	ne	version:	6.0	Trust: 0.3
vendor:	cisco	model:	unified communications manager 5.1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 4.3 sr.1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	ne	version:	6.0	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	ne	version:	4.2	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	ne	version:	4.1	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	ne	version:	4.0	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	ne	version:	3.3	Trust: 0.3

sources: BID: 24867 // JVNDB: JVNDB-2007-002347 // CNNVD: CNNVD-200707-255 // NVD: CVE-2007-3775

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-3775
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-3775
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200707-255
value:	HIGH
Trust: 0.6
VULHUB:	VHN-27137
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-3775
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-27137
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-27137 // JVNDB: JVNDB-2007-002347 // CNNVD: CNNVD-200707-255 // NVD: CVE-2007-3775

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3775

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200707-255

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200707-255

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002347

PATCH

title:

cisco-sa-20070711-voip

url:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070711-voip

Trust: 0.8

sources: JVNDB: JVNDB-2007-002347

EXTERNAL IDS

db:	NVD	id:	CVE-2007-3775	Trust: 2.8
db:	BID	id:	24867	Trust: 2.0
db:	SECUNIA	id:	26039	Trust: 1.8
db:	VUPEN	id:	ADV-2007-2511	Trust: 1.7
db:	OSVDB	id:	36123	Trust: 1.7
db:	SECTRACK	id:	1018368	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-002347	Trust: 0.8
db:	XF	id:	35341	Trust: 0.6
db:	CISCO	id:	20070711 CISCO UNIFIED COMMUNICATIONS MANAGER AND PRESENCE SERVER UNAUTHORIZED ACCESS VULNERABILITIES	Trust: 0.6
db:	CNNVD	id:	CNNVD-200707-255	Trust: 0.6
db:	VULHUB	id:	VHN-27137	Trust: 0.1
db:	PACKETSTORM	id:	57688	Trust: 0.1

sources: VULHUB: VHN-27137 // BID: 24867 // JVNDB: JVNDB-2007-002347 // PACKETSTORM: 57688 // CNNVD: CNNVD-200707-255 // NVD: CVE-2007-3775

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml	Trust: 2.1
url:	http://www.securityfocus.com/bid/24867	Trust: 1.7
url:	http://www.osvdb.org/36123	Trust: 1.7
url:	http://securitytracker.com/id?1018368	Trust: 1.7
url:	http://secunia.com/advisories/26039	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/2511	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/35341	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3775	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3775	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/35341	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/2511	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	/archive/1/473379	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/network_software_inspector/	Trust: 0.1
url:	http://secunia.com/product/12535/	Trust: 0.1
url:	http://www.cisco.com/pcgi-bin/tablebuild.pl/cups-60?psrtdcat20e2	Trust: 0.1
url:	http://secunia.com/product/11019/	Trust: 0.1
url:	http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-51?psrtdcat20e2	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/12424/	Trust: 0.1
url:	http://secunia.com/advisories/26039/	Trust: 0.1

sources: VULHUB: VHN-27137 // BID: 24867 // JVNDB: JVNDB-2007-002347 // PACKETSTORM: 57688 // CNNVD: CNNVD-200707-255 // NVD: CVE-2007-3775

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200707-255

SOURCES

db:	VULHUB	id:	VHN-27137
db:	BID	id:	24867
db:	JVNDB	id:	JVNDB-2007-002347
db:	PACKETSTORM	id:	57688
db:	CNNVD	id:	CNNVD-200707-255
db:	NVD	id:	CVE-2007-3775

LAST UPDATE DATE

2024-11-23T22:28:14.507000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-27137	date:	2017-07-29T00:00:00
db:	BID	id:	24867	date:	2016-07-06T14:17:00
db:	JVNDB	id:	JVNDB-2007-002347	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200707-255	date:	2007-07-17T00:00:00
db:	NVD	id:	CVE-2007-3775	date:	2024-11-21T00:34:02.170

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-27137	date:	2007-07-15T00:00:00
db:	BID	id:	24867	date:	2007-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2007-002347	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	57688	date:	2007-07-13T00:55:11
db:	CNNVD	id:	CNNVD-200707-255	date:	2007-07-15T00:00:00
db:	NVD	id:	CVE-2007-3775	date:	2007-07-15T22:30:00