Описание
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.
Ссылки
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:cisco:unified_callmanager:4.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_callmanager:4.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_callmanager:4.1\(3\)sr4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_callmanager:4.1\(3\)sr5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_callmanager:4.1\(3\)sr5b:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.35513
Средний
10 Critical
CVSS2
Дефекты
CWE-119
Связанные уязвимости
github
почти 4 года назад
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.
EPSS
Процентиль: 97%
0.35513
Средний
10 Critical
CVSS2
Дефекты
CWE-119