ID

VAR-200707-0302


CVE

CVE-2007-3776


TITLE

CUCM Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2007-002348

DESCRIPTION

Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962. To exploit this issue, an attacker must have administrative access. Attackers may exploit these issues to gain access to sensitive information or to cause denial-of-service conditions.

The vulnerabilities are caused due to unspecified errors and can be exploited by an unauthorized administrator to e.g. activate and terminate system services or to view SNMP configuration information in a CUCM/CUPS cluster environment.

CUCM 5.0/5.1: Update to CUCM 5.1(2a) - http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-51?psrtdcat20e2
CUPS 1.0: Upgrade to CUPS 6.0(1) - http://www.cisco.com/pcgi-bin/tablebuild.pl/cups-60?psrtdcat20e2
Version 1.0 is reportedly discontinued. The vendor recommends users to upgrade to version 6.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml

Trust: 2.07

sources: NVD: CVE-2007-3776 // JVNDB: JVNDB-2007-002348 // BID: 24867 // VULHUB: VHN-27138 // PACKETSTORM: 57688

AFFECTED PRODUCTS

vendor: cisco | model: unified presence server | scope: eq | version: 1.0

Trust: 1.9

vendor: cisco | model: unified communications manager | scope: eq | version: 5.1(1)

Trust: 1.6

vendor: cisco | model: unified communications manager | scope: eq | version: 5.1(2)

Trust: 1.6

vendor: cisco | model: unified presence server | scope: eq | version: 1.0(2)

Trust: 1.6

vendor: cisco | model: unified presence server | scope: eq | version: 1.0(3)

Trust: 1.6

vendor: cisco | model: unified presence server | scope: eq | version: 1.0(1)

Trust: 1.6

vendor: cisco | model: unified communications manager | scope: eq | version: 5.0

Trust: 1.6

vendor: cisco | model: unified communications manager | scope: - | version: -

Trust: 0.8

vendor: cisco | model: unified presence server | scope: - | version: -

Trust: 0.8

vendor: cisco | model: unified presence server | scope: eq | version: 1.0(3)

Trust: 0.3

vendor: cisco | model: unified presence server | scope: eq | version: 1.0(2)

Trust: 0.3

vendor: cisco | model: unified communications manager | scope: eq | version: 5.1(1)

Trust: 0.3

vendor: cisco | model: unified callmanager | scope: eq | version: 5.0

Trust: 0.3

vendor: cisco | model: unified presence server | scope: ne | version: 6.0

Trust: 0.3

vendor: cisco | model: unified communications manager 5.1 | scope: ne | version: -

Trust: 0.3

vendor: cisco | model: unified communications manager 4.3 sr.1 | scope: ne | version: -

Trust: 0.3

vendor: cisco | model: unified callmanager | scope: ne | version: 6.0

Trust: 0.3

vendor: cisco | model: unified callmanager | scope: ne | version: 4.2

Trust: 0.3

vendor: cisco | model: unified callmanager | scope: ne | version: 4.1

Trust: 0.3

vendor: cisco | model: unified callmanager | scope: ne | version: 4.0

Trust: 0.3

vendor: cisco | model: unified callmanager | scope: ne | version: 3.3

Trust: 0.3

sources: BID: 24867 // JVNDB: JVNDB-2007-002348 // CNNVD: CNNVD-200707-241 // NVD: CVE-2007-3776

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3776
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-3776
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200707-241
value: MEDIUM

Trust: 0.6

VULHUB: VHN-27138
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-3776
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-27138
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-27138 // JVNDB: JVNDB-2007-002348 // CNNVD: CNNVD-200707-241 // NVD: CVE-2007-3776

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3776

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200707-241

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200707-241

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002348

PATCH

title: cisco-sa-20070711-voip | url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070711-voip

Trust: 0.8

sources: JVNDB: JVNDB-2007-002348

EXTERNAL IDS

db: NVD | id: CVE-2007-3776

Trust: 2.8

db: BID | id: 24867

Trust: 2.0

db: SECUNIA | id: 26039

Trust: 1.8

db: VUPEN | id: ADV-2007-2511

Trust: 1.7

db: SECTRACK | id: 1018368

Trust: 1.7

db: OSVDB | id: 36124

Trust: 1.1

db: JVNDB | id: JVNDB-2007-002348

Trust: 0.8

db: CNNVD | id: CNNVD-200707-241

Trust: 0.7

db: XF | id: 35344

Trust: 0.6

db: CISCO | id: 20070711 CISCO UNIFIED COMMUNICATIONS MANAGER AND PRESENCE SERVER UNAUTHORIZED ACCESS VULNERABILITIES

Trust: 0.6

db: VULHUB | id: VHN-27138

Trust: 0.1

db: PACKETSTORM | id: 57688

Trust: 0.1

sources: VULHUB: VHN-27138 // BID: 24867 // JVNDB: JVNDB-2007-002348 // PACKETSTORM: 57688 // CNNVD: CNNVD-200707-241 // NVD: CVE-2007-3776

REFERENCES

url:http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml

Trust: 2.1

url:http://www.securityfocus.com/bid/24867

Trust: 1.7

url:http://securitytracker.com/id?1018368

Trust: 1.7

url:http://secunia.com/advisories/26039

Trust: 1.7

url:http://osvdb.org/36124

Trust: 1.1

url:http://www.vupen.com/english/advisories/2007/2511

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/35344

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3776

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3776

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/35344

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2007/2511

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

url:/archive/1/473379

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/network_software_inspector/

Trust: 0.1

url:http://secunia.com/product/12535/

Trust: 0.1

url:http://www.cisco.com/pcgi-bin/tablebuild.pl/cups-60?psrtdcat20e2

Trust: 0.1

url:http://secunia.com/product/11019/

Trust: 0.1

url:http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-51?psrtdcat20e2

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/product/12424/

Trust: 0.1

url:http://secunia.com/advisories/26039/

Trust: 0.1

sources: VULHUB: VHN-27138 // BID: 24867 // JVNDB: JVNDB-2007-002348 // PACKETSTORM: 57688 // CNNVD: CNNVD-200707-241 // NVD: CVE-2007-3776

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200707-241

SOURCES

db: VULHUB | id: VHN-27138
db: BID | id: 24867
db: JVNDB | id: JVNDB-2007-002348
db: PACKETSTORM | id: 57688
db: CNNVD | id: CNNVD-200707-241
db: NVD | id: CVE-2007-3776

LAST UPDATE DATE

2024-11-23T22:28:14.469000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-27138 | date: 2017-07-29T00:00:00
db: BID | id: 24867 | date: 2016-07-06T14:17:00
db: JVNDB | id: JVNDB-2007-002348 | date: 2012-06-26T00:00:00
db: CNNVD | id: CNNVD-200707-241 | date: 2007-07-17T00:00:00
db: NVD | id: CVE-2007-3776 | date: 2024-11-21T00:34:02.313

SOURCES RELEASE DATE

db: VULHUB | id: VHN-27138 | date: 2007-07-15T00:00:00
db: BID | id: 24867 | date: 2007-07-11T00:00:00
db: JVNDB | id: JVNDB-2007-002348 | date: 2012-06-26T00:00:00
db: PACKETSTORM | id: 57688 | date: 2007-07-13T00:55:11
db: CNNVD | id: CNNVD-200707-241 | date: 2007-07-15T00:00:00
db: NVD | id: CVE-2007-3776 | date: 2007-07-15T22:30:00