Details of VAR-200708-0510

ID

VAR-200708-0510

CVE

CVE-2007-4633

TITLE

CUCM Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2007-002569

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728. Cisco Unified CallManager and Unified Communications Manager are prone to multiple input-validation vulnerabilities because the applications fail to properly sanitize user-supplied input. These issues include a cross-site scripting vulnerability and an SQL-injection vulnerability. A successful exploit may allow an attacker to steal cookie-based authentication credentials, execute malicious script code in a user's browser, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Cisco CallManager / CUCM Cross-Site Scripting and SQL Injection SECUNIA ADVISORY ID: SA26641 VERIFY ADVISORY: http://secunia.com/advisories/26641/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Manipulation of data WHERE: >From remote SOFTWARE: Cisco Unified Communications Manager 4.x http://secunia.com/product/5363/ Cisco Unified CallManager 4.x http://secunia.com/product/12534/ Cisco Unified CallManager 3.x http://secunia.com/product/2805/ DESCRIPTION: Some vulnerabilities have been reported in Cisco Unified CallManager and Unified Communications Manager (CUCM), which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed to unspecified parameters to the admin or user logon pages is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to unspecified parameters to the admin or user logon pages is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. See vendor advisory for a patch matrix. PROVIDED AND/OR DISCOVERED BY: The vendor credits Gama SEC and Elliot Kendall from Brandeis University. ORIGINAL ADVISORY: http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-4633 // JVNDB: JVNDB-2007-002569 // BID: 25480 // VULHUB: VHN-27995 // PACKETSTORM: 58971

AFFECTED PRODUCTS

vendor:	cisco	model:	call manager	scope:	eq	version:	4.1\(3\)sr4	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3\(5\)sr2	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.1\(3\)sr2	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.1\(3\)sr3	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr2b	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3\(5\)sr1	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.1\(3\)sr1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr2	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3\(5\)sr2a	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.3\(1\)sr1	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	4.2\(1\)	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	4.2	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	4.3\(1\)	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	4.3	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	4.2\(3\)sr1	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	4.2\(3\)	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	4.2\(3\)sr2	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	4.2\(2\)	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	lt	version:	4.1	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.3(1)sr1	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2(3)sr2	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	lt	version:	4.2	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	lt	version:	4.3	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1(3)sr5	Trust: 0.8
vendor:	cisco	model:	unified communications manager 4.2 sr2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager sr2b	scope:	eq	version:	4.2	Trust: 0.3
vendor:	cisco	model:	unified callmanager 4.2 sr1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	4.2	Trust: 0.3
vendor:	cisco	model:	unified callmanager 4.1 sr5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager 4.1 sr4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager sr5b	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	unified callmanager 3.3 sr3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager 3.3 sr2a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	3.3	Trust: 0.3
vendor:	cisco	model:	unified communications manager 4.3 sr.1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 4.2 sr2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager 4.1 sr5	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager 3.3 sr2b	scope:	ne	version:	-	Trust: 0.3

sources: BID: 25480 // JVNDB: JVNDB-2007-002569 // CNNVD: CNNVD-200708-503 // NVD: CVE-2007-4633

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-4633
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-4633
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200708-503
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-27995
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-4633
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-27995
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-27995 // JVNDB: JVNDB-2007-002569 // CNNVD: CNNVD-200708-503 // NVD: CVE-2007-4633

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-27995 // JVNDB: JVNDB-2007-002569 // NVD: CVE-2007-4633

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200708-503

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200708-503

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002569

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-27995

PATCH

title:

cisco-sa-20070829-ccm

url:

http://www.cisco.com/en/US/products/csa/cisco-sa-20070829-ccm.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-002569

EXTERNAL IDS

db:	NVD	id:	CVE-2007-4633	Trust: 2.8
db:	BID	id:	25480	Trust: 2.0
db:	SECUNIA	id:	26641	Trust: 1.8
db:	VUPEN	id:	ADV-2007-3010	Trust: 1.7
db:	SECTRACK	id:	1018624	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-002569	Trust: 0.8
db:	CISCO	id:	20070829 XSS AND SQL INJECTION IN CISCO CALLMANAGER/UNIFIED COMMUNICATIONS MANAGER LOGON PAGE	Trust: 0.6
db:	XF	id:	36325	Trust: 0.6
db:	CNNVD	id:	CNNVD-200708-503	Trust: 0.6
db:	VULHUB	id:	VHN-27995	Trust: 0.1
db:	PACKETSTORM	id:	58971	Trust: 0.1

sources: VULHUB: VHN-27995 // BID: 25480 // JVNDB: JVNDB-2007-002569 // PACKETSTORM: 58971 // CNNVD: CNNVD-200708-503 // NVD: CVE-2007-4633

REFERENCES

url:	http://www.cisco.com/en/us/products/products_security_advisory09186a00808ae327.shtml	Trust: 1.8
url:	http://www.securityfocus.com/bid/25480	Trust: 1.7
url:	http://securitytracker.com/id?1018624	Trust: 1.7
url:	http://secunia.com/advisories/26641	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/3010	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/36325	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4633	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4633	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/36325	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/3010	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html	Trust: 0.3
url:	/archive/1/478060	Trust: 0.3
url:	/archive/1/478201	Trust: 0.3
url:	http://www.cisco.com/warp/public/707/cisco-sa-20070829-ccm.shtml	Trust: 0.3
url:	http://secunia.com/product/2805/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	https://psi.secunia.com/	Trust: 0.1
url:	http://secunia.com/product/12534/	Trust: 0.1
url:	http://secunia.com/advisories/26641/	Trust: 0.1
url:	http://secunia.com/product/5363/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-27995 // BID: 25480 // JVNDB: JVNDB-2007-002569 // PACKETSTORM: 58971 // CNNVD: CNNVD-200708-503 // NVD: CVE-2007-4633

CREDITS

The vendor disclosed these issues.

Trust: 0.9

sources: BID: 25480 // CNNVD: CNNVD-200708-503

SOURCES

db:	VULHUB	id:	VHN-27995
db:	BID	id:	25480
db:	JVNDB	id:	JVNDB-2007-002569
db:	PACKETSTORM	id:	58971
db:	CNNVD	id:	CNNVD-200708-503
db:	NVD	id:	CVE-2007-4633

LAST UPDATE DATE

2024-11-23T22:09:50.983000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-27995	date:	2017-07-29T00:00:00
db:	BID	id:	25480	date:	2015-05-07T17:35:00
db:	JVNDB	id:	JVNDB-2007-002569	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200708-503	date:	2007-09-05T00:00:00
db:	NVD	id:	CVE-2007-4633	date:	2024-11-21T00:36:04.297

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-27995	date:	2007-08-31T00:00:00
db:	BID	id:	25480	date:	2007-08-29T00:00:00
db:	JVNDB	id:	JVNDB-2007-002569	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	58971	date:	2007-08-31T03:45:27
db:	CNNVD	id:	CNNVD-200708-503	date:	2007-08-31T00:00:00
db:	NVD	id:	CVE-2007-4633	date:	2007-08-31T23:17:00