CVE-2006-5278

CWE-119 — Buffer Overflow4 documents4 sources

Severity

10.0CRITICAL

EPSS

10.1%

top 6.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Callmanager Cisco Unified Communications Manager

Timeline

PublishedJul 15

Latest updateMay 1

Description

Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDcisco/unified_callmanager3.3 — 3.3\(5\)sr2+4

▶NVDcisco/unified_communications_manager4.3 — 4.3\(1\)

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-578w-ff3h-hrqq: Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC↗2022-05-01

▶

CVEList

CVE-2006-5278: Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC↗2007-07-15

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager Overflow Vulnerabilities↗2007-07-11

▶