Description
Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow.
References
- Third Party Advisory
- Third Party Advisory, VDB Entry
- Vendor Advisory
- Broken Link
- Broken Link
- Third Party Advisory, VDB Entry
- Permissions Required, Third Party Advisory
- Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1
- Version from 3.3 (inclusive) to 3.3(5)sr2 (inclusive)
- Version from 4.1 (inclusive) to 4.1(3)sr4 (inclusive)
- Version from 4.2 (inclusive) to 4.2(3)sr1 (inclusive)
- Version from 4.3 (inclusive) to 4.3(1) (inclusive)
- Version from 5.1 (inclusive) to 5.1(1) (inclusive)
One of
cpe:2.3:a:cisco:unified_callmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_callmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_callmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
EPSS
Percentile: 90%
0.05464
Low
9.3 Critical
CVSS2
Weaknesses
NVD-CWE-Other
Related vulnerabilities
github
almost 4 years ago
Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow.
EPSS
Percentile: 90%
0.05464
Low
9.3 Critical
CVSS2
Weaknesses
NVD-CWE-Other