Published: 09/11/2010 Updated: 10/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 10 | Exploitability Score: 3.1

VMScore: 685

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco unified communications manager 6.0
cisco unified communications manager 6.1\\(1\\)
cisco unified communications manager 6.1\\(4\\)
cisco unified communications manager 6.1\\(5\\)
cisco unified communications manager 6.1\\(1a\\)
cisco unified communications manager 6.1\\(1b\\)
cisco unified communications manager 6.1\\(3b\\)su1
cisco unified communications manager 6.1\\(4a\\)
cisco unified communications manager 6.1\\(3a\\)
cisco unified communications manager 6.1\\(2\\)
cisco unified communications manager 6.1\\(2\\)su1
cisco unified communications manager 6.1\\(3b\\)
cisco unified communications manager 6.1\\(4\\)su1
cisco unified communications manager 6.1\\(2\\)su1a
cisco unified communications manager 6.1\\(3\\)
cisco unified communications manager 6.1\\(4a\\)su2
cisco unified communications manager 7.0
cisco unified communications manager 7.1\\(3\\)
cisco unified communications manager 7.1\\(3a\\)su1a
cisco unified communications manager 7.1\\(5\\)su1a
cisco unified communications manager 7.0\\(2a\\)su2
cisco unified communications manager 7.0\\(1\\)su1a
cisco unified communications manager 7.0\\(2a\\)
cisco unified communications manager 7.1\\(5\\)
cisco unified communications manager 7.1\\(3a\\)su1
cisco unified communications manager 7.1\\(5\\)su1
cisco unified communications manager 7.1\\(5b\\)
cisco unified communications manager 7.1\\(2a\\)
cisco unified communications manager 7.1\\(2a\\)su1
cisco unified communications manager 7.1\\(3b\\)
cisco unified communications manager 7.1\\(3a\\)
cisco unified communications manager 7.1\\(5a\\)
cisco unified communications manager 7.0\\(2\\)
cisco unified communications manager 7.1\\(2b\\)
cisco unified communications manager 7.1\\(2b\\)su1
cisco unified communications manager 7.1\\(3b\\)su2
cisco unified communications manager 7.1\\(3b\\)su1
cisco unified communications manager 7.0\\(1\\)su1
cisco unified communications manager 7.0\\(2a\\)su1
cisco unified communications manager 8.0\\(2c\\)
cisco unified communications manager 8.0\\(3\\)
cisco unified communications manager 8.0\\(2c\\)su1
cisco unified communications manager 8.0

source: wwwsecurityfocuscom/bid/44672/info Cisco Unified Communications Manager is prone to a local privilege-escalation vulnerability Attackers can exploit this issue to gain administrative access to the affected device and execute arbitrary code with superuser privileges Successful exploits will lead to the complete compromise of the ...

nSense Vulnerability Research Security Advisory - Cisco Unified Communications Manager contains a setuid binary which fails to validate command line arguments A local user can leverage this vulnerability to gain root access by supplying suitable arguments to the binary ...

CWE-78 http://www.nsense.fi/advisories/nsense_2010_003.txt http://tools.cisco.com/security/center/viewAlert.x?alertId=21656 http://seclists.org/fulldisclosure/2010/Nov/40 http://www.securityfocus.com/bid/44672 http://www.vupen.com/english/advisories/2010/2915 http://secunia.com/advisories/42129 http://www.securitytracker.com/id?1024694 http://www.securityfocus.com/archive/1/514668/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/34954/

CVE-2010-3039

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect