Cross-Site Scripting Vulnerability in Cisco CallManager Web Application Firewall
CVE-2007-2832

Currently unrated

Key Information:

Vendor: Cisco
Status: Call Manager
Vendor: CVE Published:; 24 May 2007

Summary

The vulnerability in Cisco CallManager's web application firewall allows attackers to exploit the system by injecting arbitrary web scripts or HTML. This can occur via specially crafted requests to the CCMAdmin interface, particularly through the pattern parameter on the serverlist.asp page. If exploited, this vulnerability could be used for a variety of malicious activities, including session hijacking or redirecting users to malicious sites. Organizations using affected versions of Cisco CallManager are urged to apply mitigations and updates to safeguard against potential exploitation.

References

http://www.securitytracker.com/id?1018105

vdb-entryx_refsource_SECTRACK

http://www.vupen.com/english/advisories/2007/1922

vdb-entryx_refsource_VUPEN

http://www.osvdb.org/35337

vdb-entryx_refsource_OSVDB

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 24, 2007
Vulnerability Reserved
May 23, 2007