Vulnerability Name:

CVE-2006-0367 (CCN-24172)

Assigned:2006-01-18
Published:2006-01-18
Updated:2017-07-20
Summary:Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via a "crafted URL on the CCMAdmin web page."
CVSS v3 Severity:5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2006-0367

Source: CCN
Type: SA18501
Cisco Call Manager CCMAdmin Privilege Escalation

Source: SECUNIA
Type: Patch, Vendor Advisory
18501

Source: CCN
Type: SECTRACK ID: 1015502
Cisco CallManager Bug Lets Read-Only Administrators Gain Full Administrator Privileges

Source: SECTRACK
Type: Patch
1015502

Source: CCN
Type: Cisco CallManager Web page
Introduction

Source: CCN
Type: cisco-sa-20060118-ccmpe
Cisco Security Advisory: Cisco Call Manager Privilege Escalation

Source: CISCO
Type: Patch, Vendor Advisory
20060118 Cisco Call Manager Privilege Escalation

Source: OSVDB
Type: Patch
22621

Source: CCN
Type: OSVDB ID: 22621
Cisco CallManager CCMAdmin Crafted URL Privilege Escalation

Source: BID
Type: UNKNOWN
16293

Source: CCN
Type: BID-16293
Cisco CallManager CCMAdmin Remote Privilege Escalation Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2006-0250

Source: XF
Type: UNKNOWN
cisco-callmanager-ccmadmin-gain-priv(24172)

Source: XF
Type: UNKNOWN
cisco-callmanager-ccmadmin-gain-priv(24172)

Vulnerable Configuration:Configuration 1:
  • cpe:/h:cisco:call_manager:1.0:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:2.0:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:3.0:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:3.1:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:3.1(2):*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:3.1(3a):*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:3.2:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:3.3:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:3.3(3):*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:3.3(3)es61:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:3.3(4)es25:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:3.3(5):*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:4.0:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:4.0(2a)es40:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:4.0(2a)sr2b:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:4.1(2)es33:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:4.1(3)es07:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:call_manager:4.1(3)sr1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    cisco call manager 1.0
    cisco call manager 2.0
    cisco call manager 3.0
    cisco call manager 3.1
    cisco call manager 3.1(2)
    cisco call manager 3.1(3a)
    cisco call manager 3.2
    cisco call manager 3.3
    cisco call manager 3.3(3)
    cisco call manager 3.3(3)es61
    cisco call manager 3.3(4)es25
    cisco call manager 3.3(5)
    cisco call manager 4.0
    cisco call manager 4.0(2a)es40
    cisco call manager 4.0(2a)sr2b
    cisco call manager 4.1(2)es33
    cisco call manager 4.1(3)es07
    cisco call manager 4.1(3)sr1