// For flags

CVE-2006-5277

 

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow.

Error de superación de límite (off-by-one) en el servicio Certificate Trust List (CTL) Provider (CTLProvider.exe) de Cisco Unified Communications Manager (CUCM, anteriormente CallManager) anterior al 11/07/2007 permite a atacantes remotos ejecutar código de su elección mediante un paquete manipulado que dispara un desbordamiento de búfer basado en montículo.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-10-13 CVE Reserved
  • 2007-07-15 CVE Published
  • 2024-04-10 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Unified Callmanager
Search vendor "Cisco" for product "Unified Callmanager"
>= 3.3 <= 3.3\(5\)sr2
Search vendor "Cisco" for product "Unified Callmanager" and version " >= 3.3 <= 3.3\(5\)sr2"
-
Affected
Cisco
Search vendor "Cisco"
Unified Callmanager
Search vendor "Cisco" for product "Unified Callmanager"
>= 4.1 <= 4.1\(3\)sr4
Search vendor "Cisco" for product "Unified Callmanager" and version " >= 4.1 <= 4.1\(3\)sr4"
-
Affected
Cisco
Search vendor "Cisco"
Unified Callmanager
Search vendor "Cisco" for product "Unified Callmanager"
>= 4.2 <= 4.2\(3\)sr1
Search vendor "Cisco" for product "Unified Callmanager" and version " >= 4.2 <= 4.2\(3\)sr1"
-
Affected
Cisco
Search vendor "Cisco"
Unified Callmanager
Search vendor "Cisco" for product "Unified Callmanager"
5.0
Search vendor "Cisco" for product "Unified Callmanager" and version "5.0"
-
Affected
Cisco
Search vendor "Cisco"
Unified Communications Manager
Search vendor "Cisco" for product "Unified Communications Manager"
>= 4.3 <= 4.3\(1\)
Search vendor "Cisco" for product "Unified Communications Manager" and version " >= 4.3 <= 4.3\(1\)"
-
Affected
Cisco
Search vendor "Cisco"
Unified Communications Manager
Search vendor "Cisco" for product "Unified Communications Manager"
>= 5.1 <= 5.1\(1\)
Search vendor "Cisco" for product "Unified Communications Manager" and version " >= 5.1 <= 5.1\(1\)"
-
Affected