Back to CVE Browser

CVE-2007-5538

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1790%

EPSS Percentile2.10th

PublishedOct 18, 2007

Last ModifiedApr 23, 2026

Vulnerability Description

Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712.

Affected Platforms (CPE)

📦

Cisco

Unified Callmanager

= 5.0

📦

Cisco

Unified Communications Manager

<= 5.1\(2\)

References & Advisories

🔗 http://osvdb.org/37940

🔗 http://secunia.com/advisories/27296

🔗 http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml

🔗 http://www.securityfocus.com/bid/26105

🔗 http://www.securitytracker.com/id?1018828

🔗 http://www.vupen.com/english/advisories/2007/3532

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/37247

🔗 http://osvdb.org/37940

Related Vulnerabilities

CVE-2011-164310.0

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 an...

CVE-2006-527810.0

Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Mana...

CVE-2008-002710.0

Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications ...

CVE-2006-52779.3

Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (C...