Vulnerability Details : CVE-2006-5277
Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2006-5277
- cpe:2.3:a:cisco:unified_callmanager:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*
- Cisco » Unified Communications Manager, versions from 4.3 (inclusive) up to and including 4.3(1): cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
- Cisco » Unified Communications Manager, versions from 5.1 (inclusive) up to and including 5.1(1): cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-5277
- 5.46%: probability of exploitation activity in the next 30 days
- ~89%: percentile, the proportion of vulnerabilities that are scored at or below this level
CVSS scores for CVE-2006-5277
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
References for CVE-2006-5277
- http://www.vupen.com/english/advisories/2007/2512 (Permissions Required; Third Party Advisory)
- http://secunia.com/advisories/26043 (Third Party Advisory)
- http://www.iss.net/threats/270.html (Broken Link)
- http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31437 (Third Party Advisory; VDB Entry)
- http://www.osvdb.org/36122 (Broken Link)
- http://www.securityfocus.com/bid/24868 (Third Party Advisory; VDB Entry)
- http://securitytracker.com/id?1018369 (Third Party Advisory; VDB Entry)