Remote Code Execution Vulnerability in Cisco Unified Communications Manager
CVE-2006-5278

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Callmanager; Unified Communications Manager
Vendor: CVE Published:; 15 July 2007

What is CVE-2006-5278?

The Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager prior to version 20070711 is prone to an integer overflow vulnerability. This flaw allows remote attackers to exploit crafted packets to execute arbitrary code on the affected system, which can lead to a heap-based buffer overflow and potentially compromise network security.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/19057

vdb-entryx_refsource_XF

http://www.iss.net/threats/271.html

third-party-advisoryx_refsource_ISS

http://www.cisco.com/warp/public/707/cisco-sa-20070711-cu...

vendor-advisoryx_refsource_CISCO

EPSS Score

9% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2007
Vulnerability Reserved
Oct 13, 2006