CVE-2010-3039
Cisco Unified Communications Manager <8 - Command Injection
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2010-3039. PoCs published by Knud Erik Hjgaard.
AI-analyzed exploit summary This exploit leverages a command injection vulnerability in Cisco Unified Communications Manager via the pktCap_protectData binary. The PoC demonstrates arbitrary command execution by appending a command (id) to the -i argument, leading to local privilege escalation.
Description
/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930.
Exploits (1)
This exploit leverages a command injection vulnerability in Cisco Unified Communications Manager via the pktCap_protectData binary. The PoC demonstrates arbitrary command execution by appending a command (id) to the -i argument, leading to local privilege escalation.