CVE-2006-3594Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Unified Callmanager

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-94Code Injection5 documents5 sources
Severity
7.5HIGHNVD
EPSS
5.4%
top 9.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unified Callmanager
Timeline
PublishedJul 18
Latest updateMay 1

Description

Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows remote attackers to execute arbitrary code via a long hostname in a SIP request, aka bug CSCsd96542.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDcisco/unified_callmanager4 versions+3

Patches

Patch: secunia.comPatch: www.cisco.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-g2w2-69h2-v3w8: Buffer overflow in Cisco Unified CallManager (CUCM) 52022-05-01
CVEList
CVE-2006-3594: Buffer overflow in Cisco Unified CallManager (CUCM) 52006-07-14

📋Vendor Advisories

1
Cisco
Multiple Cisco Unified CallManager Vulnerabilities2006-07-12

💬Community

1
Bugzilla
CVE-2006-1546 Struts multiple issues (CVE-2006-1547, CVE-2006-1548)2006-08-15
CVE-2006-3594 — Cisco Unified Callmanager vulnerability | cvebase