CVE-2010-3039

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager versions 6 through 8

Description The issue allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface. This is related to the /usr/local/cm/bin/pktCap protectData endpoint.

Recommendations For versions 6 through 8, consider restricting access to the administrative interface to minimize the risk of exploitation. As a temporary workaround, limit the use of shell metacharacters in requests to the administrative interface until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.