CVE Vulnerabilities

CVE-2006-5277

Published: Jul 15, 2007 | Modified: Oct 17, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow.

Affected Software

Name Vendor Start Version End Version
Unified_callmanager Cisco 5.0 5.0
Unified_callmanager Cisco 3.3 3.3(5)sr2
Unified_callmanager Cisco 4.1 4.1(3)sr4
Unified_callmanager Cisco 4.2 4.2(3)sr1
Unified_communications_manager Cisco 4.3 4.3(1)
Unified_communications_manager Cisco 5.1 5.1(1)

References