Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2010-3039 First vendor Publication 2010-11-09
Vendor Cve Last vendor Modification 2018-10-10

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Cvss Base Score 6.8 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.1 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3039

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-78 Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 43

Open Source Vulnerability Database (OSVDB)

Id Description
69158 Cisco Unified Communications Manager /usr/local/cm/bin/pktCap_protectData Pri...

Cisco Unified Communications Manager contains an input validation flaw in the "/usr/local/cm/bin/pktCap_protectData" setuid program that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local attacker runs the binary application with malicious options, allowing them to execute arbitrary code with elevated privileges. This vulnerability can also be exploited remotely by authenticated administrators.

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/44672
BUGTRAQ http://www.securityfocus.com/archive/1/514668/100/0/threaded
CONFIRM http://tools.cisco.com/security/center/viewAlert.x?alertId=21656
FULLDISC http://seclists.org/fulldisclosure/2010/Nov/40
MISC http://www.nsense.fi/advisories/nsense_2010_003.txt
SECTRACK http://www.securitytracker.com/id?1024694
SECUNIA http://secunia.com/advisories/42129
VUPEN http://www.vupen.com/english/advisories/2010/2915

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
Date Informations
2021-05-04 12:12:04
  • Multiple Updates
2021-04-22 01:12:30
  • Multiple Updates
2020-05-23 00:26:17
  • Multiple Updates
2018-10-11 00:19:54
  • Multiple Updates
2016-04-26 20:01:42
  • Multiple Updates
2013-05-10 23:30:33
  • Multiple Updates