CVE-2010-3039

Cisco Unified Communications Manager <8 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3039. PoCs published by Knud Erik Hjgaard.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in Cisco Unified Communications Manager via the pktCap_protectData binary. The PoC demonstrates arbitrary command execution by appending a command (id) to the -i argument, leading to local privilege escalation.

Description

/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Knud Erik Hjgaard · textlocalhardware
https://www.exploit-db.com/exploits/34954

This exploit leverages a command injection vulnerability in Cisco Unified Communications Manager via the pktCap_protectData binary. The PoC demonstrates arbitrary command execution by appending a command (id) to the -i argument, leading to local privilege escalation.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Cisco Unified Communications Manager 6, 7, and 8
Auth required
Prerequisites: Local access to the target system · Ability to execute the pktCap_protectData binary
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/44672
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/514668/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1024694
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42129
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2010/Nov/40
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2915

Scores

EPSS 0.0861
EPSS Percentile 94.4%

Details

CWE
CWE-78
Status published
Products (43)
cisco/unified_communications_manager 6.0
cisco/unified_communications_manager 6.1\(1\)
cisco/unified_communications_manager 6.1\(1a\)
cisco/unified_communications_manager 6.1\(1b\)
cisco/unified_communications_manager 6.1\(2\)
cisco/unified_communications_manager 6.1\(2\)su1
cisco/unified_communications_manager 6.1\(2\)su1a
cisco/unified_communications_manager 6.1\(3\)
cisco/unified_communications_manager 6.1\(3a\)
cisco/unified_communications_manager 6.1\(3b\)
... and 33 more
Published Nov 09, 2010
Tracked Since Feb 18, 2026