Vulnerability Name:

CVE-2007-5539 (CCN-37248)

Assigned:2007-10-17
Published:2007-10-17
Updated:2017-07-29
Summary:Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686.
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2007-5539

Source: OSVDB
Type: UNKNOWN
37938

Source: CCN
Type: SA27214
Cisco Products Unspecified Unauthorized Access Vulnerability

Source: SECUNIA
Type: Vendor Advisory
27214

Source: CCN
Type: SECTRACK ID: 1018829
Cisco Unified Contact Center Grants Access to Certain Users to Read Web View Report Information

Source: CISCO
Type: UNKNOWN
20071017 Cisco Unified Communications Web-based Management Vulnerability

Source: CCN
Type: cisco-sa-20071017-IPCC
Cisco Unified Communications Web-based Management Vulnerability

Source: CCN
Type: OSVDB ID: 37938
Cisco Multiple Products Unspecified Remote Privilege Escalation

Source: BID
Type: UNKNOWN
26106

Source: CCN
Type: BID-26106
Cisco Unified Communications Management Applications Privilege Escalation Vulneraiblity

Source: SECTRACK
Type: UNKNOWN
1018829

Source: VUPEN
Type: Vendor Advisory
ADV-2007-3533

Source: XF
Type: UNKNOWN
cisco-webview-unauthorized-access(37248)

Source: XF
Type: UNKNOWN
cisco-webview-unauthorized-access(37248)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_contact_center_enterprise:7.1(5):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_contact_center_hosted:*:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_icm_hosted:*:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_intelligent_contact_management_enterprise:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:cisco:unified_contact_center_enterprise:7.1(5):*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    cisco unified contact center enterprise *
    cisco unified contact center enterprise 7.1(5)
    cisco unified contact center hosted *
    cisco unified icm hosted *
    cisco unified intelligent contact management enterprise *
    cisco unified contact center enterprise 7.1(5)