Vulnerability Description
Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Callmanager | >= 3.3, <= 3.3\(5\)sr2 |
| Cisco | Unified Communications Manager | >= 4.3, <= 4.3\(1\) |
References
- http://secunia.com/advisories/26043Third Party Advisory
- http://securitytracker.com/id?1018369Third Party AdvisoryVDB Entry
- http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtmlPatchVendor Advisory
- http://www.iss.net/threats/271.htmlBroken Link
- http://www.osvdb.org/36121Broken Link
- http://www.securityfocus.com/bid/24868Third Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2007/2512Permissions RequiredThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19057Third Party AdvisoryVDB Entry
- http://secunia.com/advisories/26043Third Party Advisory
- http://securitytracker.com/id?1018369Third Party AdvisoryVDB Entry
- http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtmlPatchVendor Advisory
- http://www.iss.net/threats/271.htmlBroken Link
- http://www.osvdb.org/36121Broken Link
- http://www.securityfocus.com/bid/24868Third Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2007/2512Permissions RequiredThird Party Advisory
FAQ
What is CVE-2006-5278?
CVE-2006-5278 is a vulnerability with a CVSS score of 10.0 (HIGH). Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attacker...
How severe is CVE-2006-5278?
CVE-2006-5278 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5278?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Callmanager, Cisco Unified Communications Manager.