Details of VAR-201011-0224

ID

VAR-201011-0224

CVE

CVE-2010-3039

TITLE

Cisco CUCM of /usr/local/cm/bin/pktCap_protectData Vulnerable to arbitrary command execution

Trust: 0.8

sources: JVNDB: JVNDB-2010-003013

DESCRIPTION

/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930. Attackers can exploit this issue to gain administrative access to the affected device and execute arbitrary code with superuser privileges. Successful exploits will lead to the complete compromise of the device. This issue is tracked by Cisco Bug ID CSCti52041 and CSCti74930. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco Unified Communications Manager Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA42129 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42129/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42129 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42129/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42129/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42129 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Unified Communications Manager, which can be exploited by malicious users to gain escalated privileges. The vulnerability is caused due to an input validation error in the "/usr/local/cm/bin/pktCap_protectData" setuid program when processing options. This can be exploited e.g. Please see the vendor's advisory for details on affected versions. SOLUTION: Update to the latest version. Please see the vendor's advisory for more details. PROVIDED AND/OR DISCOVERED BY: Knud Erik H\xf8jgaard, nSense ORIGINAL ADVISORY: Cisco: http://tools.cisco.com/security/center/viewAlert.x?alertId=21656 NSENSE-2010-003: http://www.nsense.fi/advisories/nsense_2010_003.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2010-3039 // JVNDB: JVNDB-2010-003013 // BID: 44672 // VULHUB: VHN-45644 // PACKETSTORM: 95642

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager 7.1	scope:	-	version:	-	Trust: 1.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(2a\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2b\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2c\)su1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2a\)su1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2b\)su1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2a\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(1\)su1a	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2c\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager 7.1 su1	scope:	-	version:	-	Trust: 1.5
vendor:	cisco	model:	unified communications manager 6.1	scope:	-	version:	-	Trust: 1.5
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0	Trust: 1.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.0	Trust: 1.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(1a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(2a\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(4a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(3b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(3b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(1\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(1b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(4a\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(2\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(2\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(5\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(4\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(4\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7 and 8	Trust: 0.8
vendor:	cisco	model:	unified communications manager 6.1 su1	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager 7.0	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager 7.1 su1a	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager 7.1 su2	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager 6.1 su2	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager su1	scope:	eq	version:	6.1	Trust: 0.6
vendor:	cisco	model:	unified communications manager 7.0 su1	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager 8.0	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager 7.0 su1a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1(3)	Trust: 0.3
vendor:	cisco	model:	unified communications manager 7.0 su3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0(3)	Trust: 0.3
vendor:	cisco	model:	unified communications manager 6.1 su1a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.0(1)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0(0.98000.106)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1(5)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1(4)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0(2)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1(5)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1(1)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.0(1)	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.0 su1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1(2)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1(2)	Trust: 0.3
vendor:	cisco	model:	unified communications manager 7.0 su2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1(3)	Trust: 0.3

sources: BID: 44672 // JVNDB: JVNDB-2010-003013 // CNNVD: CNNVD-201011-104 // NVD: CVE-2010-3039

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-3039
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-3039
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201011-104
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-45644
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-3039
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-45644
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-45644 // JVNDB: JVNDB-2010-003013 // CNNVD: CNNVD-201011-104 // NVD: CVE-2010-3039

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-45644 // JVNDB: JVNDB-2010-003013 // NVD: CVE-2010-3039

THREAT TYPE

local

Trust: 0.9

sources: BID: 44672 // CNNVD: CNNVD-201011-104

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201011-104

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-003013

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-45644

PATCH

title:

21656

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=21656

Trust: 0.8

sources: JVNDB: JVNDB-2010-003013

EXTERNAL IDS

db:	NVD	id:	CVE-2010-3039	Trust: 2.8
db:	BID	id:	44672	Trust: 2.0
db:	SECUNIA	id:	42129	Trust: 1.8
db:	VUPEN	id:	ADV-2010-2915	Trust: 1.7
db:	SECTRACK	id:	1024694	Trust: 1.1
db:	JVNDB	id:	JVNDB-2010-003013	Trust: 0.8
db:	CNNVD	id:	CNNVD-201011-104	Trust: 0.7
db:	FULLDISC	id:	20101105 NSENSE-2010-003: CISCO UNIFIED COMMUNICATIONS MANAGER	Trust: 0.6
db:	EXPLOIT-DB	id:	34954	Trust: 0.1
db:	PACKETSTORM	id:	95550	Trust: 0.1
db:	VULHUB	id:	VHN-45644	Trust: 0.1
db:	PACKETSTORM	id:	95642	Trust: 0.1

sources: VULHUB: VHN-45644 // BID: 44672 // JVNDB: JVNDB-2010-003013 // PACKETSTORM: 95642 // CNNVD: CNNVD-201011-104 // NVD: CVE-2010-3039

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=21656	Trust: 2.1
url:	http://seclists.org/fulldisclosure/2010/nov/40	Trust: 2.0
url:	http://www.nsense.fi/advisories/nsense_2010_003.txt	Trust: 1.8
url:	http://www.securityfocus.com/bid/44672	Trust: 1.7
url:	http://secunia.com/advisories/42129	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/2915	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/514668/100/0/threaded	Trust: 1.1
url:	http://www.securitytracker.com/id?1024694	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3039	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3039	Trust: 0.8
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps556/	Trust: 0.3
url:	http://secunia.com/advisories/42129/#comments	Trust: 0.1
url:	http://secunia.com/products/corporate/evm/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/products/corporate/vim/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=42129	Trust: 0.1
url:	http://secunia.com/advisories/42129/	Trust: 0.1

sources: VULHUB: VHN-45644 // BID: 44672 // JVNDB: JVNDB-2010-003013 // PACKETSTORM: 95642 // CNNVD: CNNVD-201011-104 // NVD: CVE-2010-3039

CREDITS

Knud Erik Hjgaard of nSense

Trust: 0.3

sources: BID: 44672

SOURCES

db:	VULHUB	id:	VHN-45644
db:	BID	id:	44672
db:	JVNDB	id:	JVNDB-2010-003013
db:	PACKETSTORM	id:	95642
db:	CNNVD	id:	CNNVD-201011-104
db:	NVD	id:	CVE-2010-3039

LAST UPDATE DATE

2024-11-23T21:56:12.424000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-45644	date:	2018-10-10T00:00:00
db:	BID	id:	44672	date:	2010-11-03T00:00:00
db:	JVNDB	id:	JVNDB-2010-003013	date:	2012-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201011-104	date:	2010-11-11T00:00:00
db:	NVD	id:	CVE-2010-3039	date:	2024-11-21T01:17:55.463

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-45644	date:	2010-11-09T00:00:00
db:	BID	id:	44672	date:	2010-11-03T00:00:00
db:	JVNDB	id:	JVNDB-2010-003013	date:	2012-03-27T00:00:00
db:	PACKETSTORM	id:	95642	date:	2010-11-08T05:38:30
db:	CNNVD	id:	CNNVD-201011-104	date:	2010-11-11T00:00:00
db:	NVD	id:	CVE-2010-3039	date:	2010-11-09T21:00:03.460