CVE-2007-5539 - OpenCVE

Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Unified Intelligent Contact Management Enterprise Unified Icm Hosted Unified Contact Center Enterprise Unified Contact Center Hosted

Configuration 1 [-]

OR	cpe:2.3:a:cisco:unified_contact_center_enterprise::::::::
	cpe:2.3:a:cisco:unified_contact_center_enterprise:7.1\(5\):::::::*
	cpe:2.3:a:cisco:unified_contact_center_hosted::::::::
	cpe:2.3:a:cisco:unified_icm_hosted::::::::
	cpe:2.3:a:cisco:unified_intelligent_contact_management_enterprise::::::::

References

Link	Resource
http://osvdb.org/37938
http://secunia.com/advisories/27214	Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda12.shtml
http://www.securityfocus.com/bid/26106
http://www.securitytracker.com/id?1018829
http://www.vupen.com/english/advisories/2007/3533	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/37248

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-18T00:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2007-10-17T00:00:00

Link: CVE-2007-5539

JSON object: View

NVD Information

Status : Modified

Published: 2007-10-18T00:17:00.000

Modified: 2017-07-29T01:33:43.520

Link: CVE-2007-5539

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-17T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20071017 Cisco Unified Communications Web-based Management Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda12.shtml"}, {"name": "ADV-2007-3533", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3533"}, {"name": "37938", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37938"}, {"name": "cisco-webview-unauthorized-access(37248)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37248"}, {"name": "1018829", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018829"}, {"name": "27214", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27214"}, {"name": "26106", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26106"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5539", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20071017 Cisco Unified Communications Web-based Management Vulnerability", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda12.shtml"}, {"name": "ADV-2007-3533", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3533"}, {"name": "37938", "refsource": "OSVDB", "url": "http://osvdb.org/37938"}, {"name": "cisco-webview-unauthorized-access(37248)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37248"}, {"name": "1018829", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018829"}, {"name": "27214", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27214"}, {"name": "26106", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26106"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5539", "datePublished": "2007-10-18T00:00:00", "dateReserved": "2007-10-17T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "C72EB4AF-531A-4EA3-A10E-4F8344C52F49", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:7.1\\(5\\):*:*:*:*:*:*:*", "matchCriteriaId": "B5AE16C9-6712-4964-B32E-3D5BE09B19ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_hosted:*:*:*:*:*:*:*:*", "matchCriteriaId": "D98D843F-F954-4398-852B-9DBD76AD7EE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_icm_hosted:*:*:*:*:*:*:*:*", "matchCriteriaId": "36F355CE-F84F-47ED-9D4A-BB67074F763C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_intelligent_contact_management_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "19D8C181-8AEA-4383-B2B0-CBB8F59115C3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686."}, {"lang": "es", "value": "Una vulnerabilidad no especificada en Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH) y System Unified Contact Center Enterprise (SUCCE) versi\u00f3n 7.1 (5), permite a usuarios autenticados remotos alcanzar privilegios y leer reportes o cambiar la configuraci\u00f3n de SUCCE, por medio de ciertas interfaces web, tambi\u00e9n se conoce como CSCsj55686."}], "id": "CVE-2007-5539", "lastModified": "2017-07-29T01:33:43.520", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-18T00:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/37938"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27214"}, {"source": "cve@mitre.org", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda12.shtml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26106"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018829"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/3533"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37248"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}