CVE-2010-3039:unified_communications_manager: /usr/local/cm/bin/pktCap

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-3039

unified_communications_manager: /usr/local/cm/bin/pktCap_protectData in Cisco Unifi...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3039

Original

/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-11-09

Source Information Category:

Advisory, Alert

Last Updated:

2010-11-10

Affected Product Tags

cpe:/a:cisco:unified_communications_manager:6.0

cpe:/a:cisco:unified_communications_manager:6.1%281%29

cpe:/a:cisco:unified_communications_manager:6.1%281a%29

cpe:/a:cisco:unified_communications_manager:6.1%281b%29

cpe:/a:cisco:unified_communications_manager:6.1%282%29

cpe:/a:cisco:unified_communications_manager:6.1%282%29su1

cpe:/a:cisco:unified_communications_manager:6.1%282%29su1a

cpe:/a:cisco:unified_communications_manager:6.1%283%29

cpe:/a:cisco:unified_communications_manager:6.1%283a%29

cpe:/a:cisco:unified_communications_manager:6.1%283b%29

cpe:/a:cisco:unified_communications_manager:6.1%283b%29su1

cpe:/a:cisco:unified_communications_manager:6.1%284%29

cpe:/a:cisco:unified_communications_manager:6.1%284%29su1

cpe:/a:cisco:unified_communications_manager:6.1%284a%29

cpe:/a:cisco:unified_communications_manager:6.1%284a%29su2

cpe:/a:cisco:unified_communications_manager:6.1%285%29

cpe:/a:cisco:unified_communications_manager:7.0

cpe:/a:cisco:unified_communications_manager:7.0%281%29su1

cpe:/a:cisco:unified_communications_manager:7.0%281%29su1a

cpe:/a:cisco:unified_communications_manager:7.0%282%29

cpe:/a:cisco:unified_communications_manager:7.0%282a%29

cpe:/a:cisco:unified_communications_manager:7.0%282a%29su1

cpe:/a:cisco:unified_communications_manager:7.0%282a%29su2

cpe:/a:cisco:unified_communications_manager:7.1%282a%29

cpe:/a:cisco:unified_communications_manager:7.1%282a%29su1

cpe:/a:cisco:unified_communications_manager:7.1%282b%29

cpe:/a:cisco:unified_communications_manager:7.1%282b%29su1

cpe:/a:cisco:unified_communications_manager:7.1%283%29

cpe:/a:cisco:unified_communications_manager:7.1%283a%29

cpe:/a:cisco:unified_communications_manager:7.1%283a%29su1

cpe:/a:cisco:unified_communications_manager:7.1%283a%29su1a

cpe:/a:cisco:unified_communications_manager:7.1%283b%29

cpe:/a:cisco:unified_communications_manager:7.1%283b%29su1

cpe:/a:cisco:unified_communications_manager:7.1%283b%29su2

cpe:/a:cisco:unified_communications_manager:7.1%285%29

cpe:/a:cisco:unified_communications_manager:7.1%285%29su1

cpe:/a:cisco:unified_communications_manager:7.1%285%29su1a

cpe:/a:cisco:unified_communications_manager:7.1%285a%29

cpe:/a:cisco:unified_communications_manager:7.1%285b%29

cpe:/a:cisco:unified_communications_manager:8.0

cpe:/a:cisco:unified_communications_manager:8.0%282c%29

cpe:/a:cisco:unified_communications_manager:8.0%282c%29su1

cpe:/a:cisco:unified_communications_manager:8.0%283%29

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

BID 44672

CONFIRM http://tools.cisco.com/security/center/viewAlert.x?alertId=21656

FULLDISC 20101105 nSense-2010-003: Cisco Unified Communications Manager

MISC http://www.nsense.fi/advisories/nsense_2010_003.txt

SECUNIA 42129

VUPEN ADV-2010-2915

Vulnerability Type OS Command Injections (CWE-78)