Buffer Overflow in Cisco Unified Communications Manager 5.1 and 5.0
CVE-2007-5538

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Communications Manager; Unified Callmanager
Vendor: CVE Published:; 18 October 2007

Summary

The vulnerability manifests as a buffer overflow in the Centralized TFTP File Locator Service of Cisco Unified Communications Manager (CUCM). This flaw allows remote attackers to exploit unspecified vectors related to filename processing, potentially leading to arbitrary code execution or causing a denial of service. It affects versions 5.0 and earlier 5.1 releases before 5.1(3). Organizations utilizing affected versions should prioritize updating their systems to mitigate these risks.

References

http://www.securityfocus.com/bid/26105

vdb-entryx_refsource_BID

http://osvdb.org/37940

vdb-entryx_refsource_OSVDB

http://www.vupen.com/english/advisories/2007/3532

vdb-entryx_refsource_VUPEN

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 18, 2007
Vulnerability Reserved
Oct 17, 2007