CVE-2007-5538

CWE-119 — Buffer Overflow CWE-3994 documents4 sources

Severity

10.0CRITICAL

EPSS

7.5%

top 8.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager Cisco Unified Callmanager

Timeline

PublishedOct 18

Latest updateMay 1

Description

Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDcisco/unified_callmanager5.0

▶NVDcisco/unified_communications_manager5.1\(2\)

🔴Vulnerability Details

GHSA

GHSA-76f8-93vw-4mch: Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5↗2022-05-01

▶

CVEList

CVE-2007-5538: Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5↗2007-10-18

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager Denial of Service Vulnerabilities↗2007-10-17

▶