6.8
CVE-2010-3039
- EPSS 8.61%
- Veröffentlicht 09.11.2010 21:00:03
- Zuletzt bearbeitet 16.06.2026 23:22:01
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Unified Communications Manager Version6.0
Cisco ≫ Unified Communications Manager Version7.0
Cisco ≫ Unified Communications Manager Version8.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.61% | 0.944 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 3.1 | 10 |
AV:L/AC:L/Au:S/C:C/I:C/A:C
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
http://seclists.org/fulldisclosure/2010/Nov/40
http://secunia.com/advisories/42129
http://tools.cisco.com/security/center/viewAlert.x?alertId=21656
http://www.nsense.fi/advisories/nsense_2010_003.txt
http://www.securityfocus.com/archive/1/514668/100/0/threaded
http://www.securityfocus.com/bid/44672
http://www.securitytracker.com/id?1024694
http://www.vupen.com/english/advisories/2010/2915