Details of VAR-200710-0498

ID

VAR-200710-0498

CVE

CVE-2007-5539

TITLE

Cisco Unified ICME Vulnerabilities in which permission is acquired

Trust: 0.8

sources: JVNDB: JVNDB-2007-002795

DESCRIPTION

Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686. Cisco Unified Communications Management Applications are prone to a privilege-escalation vulnerability. Attackers can exploit this issue to gain unauthorized access to the web-based reporting and script-monitoring tool and the web-based configuration tool. Attackers can gain access to potentially sensitive information and change the application configuration (including application rights). Information harvested may aid in further attacks. Vulnerabilities in the Cisco Unified ICME, Unified ICMH, UCCE, UCCH, and SUCCE Web Administration components in CUCM products allow users defined in any Windows Active Directory domain to gain unauthorized privilege levels, which allows Windows Active Directory users to view arbitrary calls Central Web View report information. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,700 different Windows applications. The vulnerability is caused due to an unspecified error and can be exploited by Windows Active Directory users to e.g. http://tools.cisco.com/support/downloads/go/MDFTree.x?butype=cc PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. CHANGELOG: 2007-10-18: Added CVE reference. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20071017-IPCC.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-5539 // JVNDB: JVNDB-2007-002795 // BID: 26106 // VULHUB: VHN-28901 // PACKETSTORM: 60215

AFFECTED PRODUCTS

vendor:	cisco	model:	unified contact center enterprise	scope:	eq	version:	7.1\(5\)	Trust: 1.6
vendor:	cisco	model:	unified contact center enterprise	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	unified contact center hosted	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	unified icm hosted	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	unified intelligent contact management enterprise	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	unified icm hosted	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified intelligent contact management enterprise	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified contact center hosted	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified contact center enterprise	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified icm hosted	scope:	eq	version:	7.1(5)	Trust: 0.3
vendor:	cisco	model:	unified icm enterprise	scope:	eq	version:	7.1(5)	Trust: 0.3
vendor:	cisco	model:	unified contact center hosted	scope:	eq	version:	7.1(5)	Trust: 0.3
vendor:	cisco	model:	unified contact center enterprise	scope:	eq	version:	7.1(5)	Trust: 0.3
vendor:	cisco	model:	system unified contact center enterprise	scope:	eq	version:	7.1(5)	Trust: 0.3
vendor:	cisco	model:	unified icm hosted icm7.1 es46	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unified icm enterprise icm7.1 es46	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unified icm enterprise	scope:	ne	version:	7.2(3)	Trust: 0.3
vendor:	cisco	model:	unified contact center hosted icm7.1 es46	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unified contact center hosted	scope:	ne	version:	7.2(3)	Trust: 0.3
vendor:	cisco	model:	unified contact center enterprise icm7.1 es46	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unified contact center enterprise	scope:	ne	version:	7.2(3)	Trust: 0.3
vendor:	cisco	model:	system unified contact center enterprise icm7.1 es46	scope:	ne	version:	-	Trust: 0.3

sources: BID: 26106 // JVNDB: JVNDB-2007-002795 // CNNVD: CNNVD-200710-322 // NVD: CVE-2007-5539

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-5539
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-5539
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200710-322
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-28901
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-5539
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-28901
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-28901 // JVNDB: JVNDB-2007-002795 // CNNVD: CNNVD-200710-322 // NVD: CVE-2007-5539

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2007-5539

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200710-322

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200710-322

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002795

PATCH

title:

cisco-sa-20071017-IPCC

url:

http://www.cisco.com/en/US/products/csa/cisco-sa-20071017-IPCC.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-002795

EXTERNAL IDS

db:	NVD	id:	CVE-2007-5539	Trust: 2.8
db:	BID	id:	26106	Trust: 2.0
db:	SECUNIA	id:	27214	Trust: 1.8
db:	VUPEN	id:	ADV-2007-3533	Trust: 1.7
db:	SECTRACK	id:	1018829	Trust: 1.7
db:	OSVDB	id:	37938	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-002795	Trust: 0.8
db:	XF	id:	37248	Trust: 0.6
db:	CISCO	id:	20071017 CISCO UNIFIED COMMUNICATIONS WEB-BASED MANAGEMENT VULNERABILITY	Trust: 0.6
db:	CNNVD	id:	CNNVD-200710-322	Trust: 0.6
db:	VULHUB	id:	VHN-28901	Trust: 0.1
db:	PACKETSTORM	id:	60215	Trust: 0.1

sources: VULHUB: VHN-28901 // BID: 26106 // JVNDB: JVNDB-2007-002795 // PACKETSTORM: 60215 // CNNVD: CNNVD-200710-322 // NVD: CVE-2007-5539

REFERENCES

url:	http://www.securityfocus.com/bid/26106	Trust: 1.7
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a00808dda12.shtml	Trust: 1.7
url:	http://osvdb.org/37938	Trust: 1.7
url:	http://www.securitytracker.com/id?1018829	Trust: 1.7
url:	http://secunia.com/advisories/27214	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/3533	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/37248	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5539	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5539	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/37248	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/3533	Trust: 0.6
url:	http://tools.cisco.com/support/downloads/go/mdftree.x?butype=cc	Trust: 0.4
url:	http://www.cisco.com/warp/public/707/cisco-sa-20071017-ipcc.shtml	Trust: 0.4
url:	http://www.cisco.com/en/us/netsol/ns340/ns394/ns165/ns45/netbr0900aecd8043fee4.html	Trust: 0.3
url:	/archive/1/482434	Trust: 0.3
url:	http://secunia.com/product/16168/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/network_software_inspector/	Trust: 0.1
url:	http://secunia.com/advisories/27214/	Trust: 0.1
url:	http://secunia.com/product/16166/	Trust: 0.1
url:	http://secunia.com/product/13207/	Trust: 0.1
url:	http://secunia.com/product/16167/	Trust: 0.1
url:	http://secunia.com/product/13202/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-28901 // BID: 26106 // JVNDB: JVNDB-2007-002795 // PACKETSTORM: 60215 // CNNVD: CNNVD-200710-322 // NVD: CVE-2007-5539

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200710-322

SOURCES

db:	VULHUB	id:	VHN-28901
db:	BID	id:	26106
db:	JVNDB	id:	JVNDB-2007-002795
db:	PACKETSTORM	id:	60215
db:	CNNVD	id:	CNNVD-200710-322
db:	NVD	id:	CVE-2007-5539

LAST UPDATE DATE

2024-11-23T22:24:06.686000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-28901	date:	2017-07-29T00:00:00
db:	BID	id:	26106	date:	2007-10-31T19:36:00
db:	JVNDB	id:	JVNDB-2007-002795	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200710-322	date:	2007-10-23T00:00:00
db:	NVD	id:	CVE-2007-5539	date:	2024-11-21T00:38:08.357

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-28901	date:	2007-10-18T00:00:00
db:	BID	id:	26106	date:	2007-10-17T00:00:00
db:	JVNDB	id:	JVNDB-2007-002795	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	60215	date:	2007-10-19T15:32:30
db:	CNNVD	id:	CNNVD-200710-322	date:	2007-10-17T00:00:00
db:	NVD	id:	CVE-2007-5539	date:	2007-10-18T00:17:00