VDB
CVE-2006-5277
CVE-2006-5277
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow.
EPSS 5.67% · 90.6th percentile
Risk Scores
CVSS 2.0
9.300000190734863
EPSS Score
5.67%
90.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| cisco | unified_communications_manager | 4.3, 5.1 |
| cisco | unified_callmanager | 3.3, 4.2, 5.0 |
Exploit Intelligence
- 36122 (circl)
- 20070711 Cisco Unified Communications Manager Overflow Vulnerabilities (circl)
- ADV-2007-2512 (circl)
- 20070711 Cisco Call Manager CTLProvider.exe Remote Code Execution (circl)
- 26043 (circl)
- 24868 (circl)
- voip-filename-overflow(31437) (circl)
- 1018369 (circl)
Timeline
- Jul 11, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
References
- 36122 vdb
- 20070711 Cisco Unified Communications Manager Overflow Vulnerabilities vendor-advisory
- ADV-2007-2512 vdb
- 20070711 Cisco Call Manager CTLProvider.exe Remote Code Execution third-party-advisory
- 26043 third-party-advisory
- 24868 vdb
- voip-filename-overflow(31437) vdb
- 1018369 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2006-5277 advisory