Vulners
Lucene search
Cisco Unified Communications Manager Privilege Escalation
| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
 | CVE-2010-3039 | 3 Nov 201000:00 | – | circl |
 | CVE-2010-3039 | 9 Nov 201020:00 | – | cve |
 | CVE-2010-3039 | 9 Nov 201020:00 | – | cvelist |
 | EUVD-2010-3041 | 7 Oct 202500:30 | – | euvd |
 | CVE-2010-3039 | 9 Nov 201021:00 | – | nvd |
 | Design/Logic Flaw | 9 Nov 201021:00 | – | prion |
 | nSense-2010-003: Cisco Unified Communications Manager | 9 Nov 201000:00 | – | securityvulns |
| Cisco Unified Communications Manager shell characters vulnerability | 9 Nov 201000:00 | – | securityvulns |
` nSense Vulnerability Research Security Advisory NSENSE-2010-003
---------------------------------------------------------------
Affected Vendor: Cisco Systems, Inc
Affected Product: Cisco Unified Communications Manager
Platform: All
Impact: Privilege Escalation
Vendor response: Patch. IntelliShield ID 21656
CVE: CVE-2010-3039
Credit: Knud / nSense
Technical details
---------------------------------------------------------------
Cisco Unified Communications Manager contains a setuid binary
which fails to validate command line arguments. A local user
can leverage this vulnerability to gain root access by
supplying suitable arguments to the binary.
The application also contains unsafe function calls, such as
sprintf().
Proof of concept:
/usr/local/cm/bin/pktCap_protectData -i";id"
Timeline:
Aug 21st Contacted vendor PSIRT
Aug 23rd Vendor response. Vulnerability acknowledged
Aug 23rd More information sent to vendor
Sep 2nd Status update request sent to vendor
Sep 2nd Vendor response
Sep 3rd Vendor response. More information provided.
Sep 22nd Status update request sent to vendor
Sep 22nd Vendor response
Sep 23rd Vendor response. New release date suggested
Sep 23rd Agreed to the October 20th release date
Sep 23rd Vendor response
Oct 6th Requested schedule information from vendor
Oct 6th Vendor response. New release date suggested
Oct 6th Sent counterproposal to vendor
Oct 6th Vendor response. Requested Wednesday release
Oct 7th Agreed to the new release date
Oct 7th Vendor response
Nov 3rd Vendor confirms release and sends link
Nov 5th Advisory published
A thank you to Matthew Cerha / Cisco PSIRT for the coordination
effort.
"Remember, remember the Fifth of November"
Links:
http://tools.cisco.com/security/center/viewAlert.x?alertId=21656
http://www.nsense.fi http://www.nsense.dk
$$s$$$$s. ,s$$$$s ,S$$$$$s. $$s$$$$s. ,s$$$$s ,S$$$$$s.
$$$ `$$$ ($$( $$$ `$$$ $$$ `$$$ ($$( $$$ `$$$
$$$ $$$ `^$$s. $$$$$$$$$ $$$ $$$ `^$$s. $$$$$$$$$
$$$ $$$ )$$) $$$ $$$ $$$ )$$) $$$
$$$ $$$ ^$$$$$$7 `7$$$$$P $$$ $$$ ^$$$$$$7 `7$$$$$P
D r i v e n b y t h e c h a l l e n g e _
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
05 Nov 2010 00:00Current
0.9Low risk
Vulners AI Score0.9
EPSS0.02623