Command Injection Vulnerability in Cisco Unified CallManager CLI
CVE-2006-3592

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Callmanager
Vendor: CVE Published:; 18 July 2006

Badges

👾 Exploit Exists🟡 Public PoC

Summary

An unspecified command injection vulnerability exists in the command line interface (CLI) of Cisco Unified CallManager versions 5.0(1) to 5.0(3a). This flaw allows local users to execute arbitrary commands with elevated privileges through certain CLI commands, potentially compromising the system's integrity and security. Addressing this vulnerability is crucial to maintaining the safety of telecommunication networks reliant on Cisco technologies.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2006-3592
Created by adenkiewicz

References

http://www.osvdb.org/27160

vdb-entryx_refsource_OSVDB

http://securitytracker.com/id?1016475

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/18952

vdb-entryx_refsource_BID

Timeline

🟡
Public PoC available
May 11, 2019
👾
Exploit known to exist
May 11, 2019
Vulnerability published
Jul 18, 2006
Vulnerability Reserved
Jul 14, 2006