Privilege Escalation Vulnerability in Cisco CallManager by Cisco
CVE-2006-0367

Currently unrated

Key Information:

Vendor: Cisco
Status: Call Manager
Vendor: CVE Published:; 22 January 2006

Summary

A vulnerability exists in Cisco CallManager that enables remote authenticated users with read-only administrative privileges to escalate their access to full administrative privileges. This is achieved through a specially crafted URL on the CCMAdmin web page, which can be exploited to bypass standard authentication controls. This flaw affects multiple versions of Cisco CallManager, including versions 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2, putting systems at risk of unauthorized access and control.

References

http://secunia.com/advisories/18501

third-party-advisoryx_refsource_SECUNIA

http://www.cisco.com/warp/public/707/cisco-sa-20060118-cc...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/16293

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jan 22, 2006
Vulnerability Reserved
Jan 22, 2006