Vulnerability CVE-2007-3776 - CERT Civis.Net

Vulnerability Name:

CVE-2007-3776 (CCN-35344)

Assigned:

2007-07-11

Published:

2007-07-11

Updated:

2017-07-29

Summary:

Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2007-3776

Source: OSVDB
Type: UNKNOWN
36124

Source: CCN
Type: SA26039
Cisco Unified Communications Manager and Presence Server Security Bypass

Source: SECUNIA
Type: UNKNOWN
26039

Source: CCN
Type: SECTRACK ID: 1018368
Cisco Unified Communications Manager Lets Remote Users Deny Service and Obtain Sensitive Information

Source: SECTRACK
Type: UNKNOWN
1018368

Source: CCN
Type: cisco-sa-20070711-voip
Cisco Security Advisory: Cisco Unified Communications Manager and Presence Server Unauthorized Access Vulnerabilities

Source: CISCO
Type: Patch
20070711 Cisco Unified Communications Manager and Presence Server Unauthorized Access Vulnerabilities

Source: CCN
Type: OSVDB ID: 36124
Cisco CUCM / CUPS Unspecified SNMP Information Disclosure

Source: BID
Type: UNKNOWN
24867

Source: CCN
Type: BID-24867
Cisco Unified Communications Manager and Presence Server Unauthorized Access Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2007-2511

Source: XF
Type: UNKNOWN
cisco-callmanager-presence-info-disclosure(35344)

Source: XF
Type: UNKNOWN
cisco-callmanager-presence-info-disclosure(35344)

Vulnerable Configuration:

Configuration 1:

cpe:/a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*

OR cpe:/a:cisco:unified_communications_manager:5.1(1):*:*:*:*:*:*:*

OR cpe:/a:cisco:unified_communications_manager:5.1(2):*:*:*:*:*:*:*

OR cpe:/a:cisco:unified_presence_server:1.0:*:*:*:*:*:*:*

OR cpe:/a:cisco:unified_presence_server:1.0(1):*:*:*:*:*:*:*

OR cpe:/a:cisco:unified_presence_server:1.0(2):*:*:*:*:*:*:*

OR cpe:/a:cisco:unified_presence_server:1.0(3):*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*

OR cpe:/a:cisco:unified_communications_manager:5.1(1):*:*:*:*:*:*:*

OR cpe:/a:cisco:unified_communications_manager:5.1(2):*:*:*:*:*:*:*

OR cpe:/a:cisco:unified_presence_server:1.0:*:*:*:*:*:*:*

OR cpe:/a:cisco:unified_presence_server:1.0(1):*:*:*:*:*:*:*

OR cpe:/a:cisco:unified_presence_server:1.0(2):*:*:*:*:*:*:*

OR cpe:/a:cisco:unified_presence_server:1.0(3):*:*:*:*:*:*:*

Denotes that component is vulnerable