Details of VAR-200710-0496

ID

VAR-200710-0496

CVE

CVE-2007-5537

TITLE

CUCM Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-002793

DESCRIPTION

Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822. Cisco Unified Communications Manager is prone to a denial-of-service vulnerability and a buffer-overflow vulnerability. Successfully exploiting these issues allows remote attackers to crash affected devices by triggering kernel panics or to execute arbitrary machine code. These issues facilitate the complete remote compromise of affected devices. Versions of Cisco Unified Communications Manager in the 5 and 6 series prior to 6.0(1) are affected by these issues. A denial of service vulnerability exists in the CUCM Session Initiation Protocol (SIP) stack

Trust: 1.98

sources: NVD: CVE-2007-5537 // JVNDB: JVNDB-2007-002793 // BID: 26105 // VULHUB: VHN-28899

AFFECTED PRODUCTS

vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0	Trust: 2.7
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1(2)	Trust: 1.1
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	5.1\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lt	version:	5.1	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.0	Trust: 0.6
vendor:	cisco	model:	unified communications manager 5.1	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(2\)	Trust: 0.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1(1)	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.1	Trust: 0.3
vendor:	cisco	model:	unified callmanager 5.0 su1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0(4)	Trust: 0.3
vendor:	cisco	model:	unified callmanager 5.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0(3)	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0(2)	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	5.0(1)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	ne	version:	6.0(1)	Trust: 0.3

sources: BID: 26105 // JVNDB: JVNDB-2007-002793 // CNNVD: CNNVD-200710-339 // NVD: CVE-2007-5537

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-5537
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-5537
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200710-339
value:	HIGH
Trust: 0.6
VULHUB:	VHN-28899
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-5537
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-28899
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-28899 // JVNDB: JVNDB-2007-002793 // CNNVD: CNNVD-200710-339 // NVD: CVE-2007-5537

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-28899 // JVNDB: JVNDB-2007-002793 // NVD: CVE-2007-5537

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200710-339

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-200710-339

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002793

PATCH

title:

cisco-sa-20071017-cucm

url:

http://www.cisco.com/en/US/products/csa/cisco-sa-20071017-cucm.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-002793

EXTERNAL IDS

db:	NVD	id:	CVE-2007-5537	Trust: 2.8
db:	BID	id:	26105	Trust: 2.0
db:	SECUNIA	id:	27296	Trust: 1.7
db:	VUPEN	id:	ADV-2007-3532	Trust: 1.7
db:	OSVDB	id:	37941	Trust: 1.7
db:	SECTRACK	id:	1018828	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-002793	Trust: 0.8
db:	XF	id:	37246	Trust: 0.6
db:	CISCO	id:	20071017 CISCO UNIFIED COMMUNICATIONS MANAGER DENIAL OF SERVICE VULNERABILITIES	Trust: 0.6
db:	CNNVD	id:	CNNVD-200710-339	Trust: 0.6
db:	VULHUB	id:	VHN-28899	Trust: 0.1

sources: VULHUB: VHN-28899 // BID: 26105 // JVNDB: JVNDB-2007-002793 // CNNVD: CNNVD-200710-339 // NVD: CVE-2007-5537

REFERENCES

url:	http://www.securityfocus.com/bid/26105	Trust: 1.7
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a00808dda34.shtml	Trust: 1.7
url:	http://osvdb.org/37941	Trust: 1.7
url:	http://www.securitytracker.com/id?1018828	Trust: 1.7
url:	http://secunia.com/advisories/27296	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/3532	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/37246	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5537	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5537	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/37246	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/3532	Trust: 0.6
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps556/	Trust: 0.3
url:	http://www.cisco.com/warp/public/707/cisco-sa-20071017-cucm.shtml	Trust: 0.3

sources: VULHUB: VHN-28899 // BID: 26105 // JVNDB: JVNDB-2007-002793 // CNNVD: CNNVD-200710-339 // NVD: CVE-2007-5537

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200710-339

SOURCES

db:	VULHUB	id:	VHN-28899
db:	BID	id:	26105
db:	JVNDB	id:	JVNDB-2007-002793
db:	CNNVD	id:	CNNVD-200710-339
db:	NVD	id:	CVE-2007-5537

LAST UPDATE DATE

2024-11-23T22:09:44.985000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-28899	date:	2017-07-29T00:00:00
db:	BID	id:	26105	date:	2007-10-31T19:36:00
db:	JVNDB	id:	JVNDB-2007-002793	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200710-339	date:	2007-10-24T00:00:00
db:	NVD	id:	CVE-2007-5537	date:	2024-11-21T00:38:08.053

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-28899	date:	2007-10-18T00:00:00
db:	BID	id:	26105	date:	2007-10-17T00:00:00
db:	JVNDB	id:	JVNDB-2007-002793	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200710-339	date:	2007-10-17T00:00:00
db:	NVD	id:	CVE-2007-5537	date:	2007-10-18T00:17:00