Details of VAR-200601-0325

ID

VAR-200601-0325

CVE

CVE-2006-0367

TITLE

Cisco CallManager CCMAdmin Remote privilege elevation vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200601-288

DESCRIPTION

Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via a "crafted URL on the CCMAdmin web page.". Cisco CallManager is susceptible to a remote privilege escalation vulnerability. This issue is due to a failure of the application to properly enforce access controls. This issue is only exploitable when Multi Level Administration is enabled, and users are granted read-only administrative access via the CCMAdmin Web interface. TITLE: Cisco Call Manager CCMAdmin Privilege Escalation SECUNIA ADVISORY ID: SA18501 VERIFY ADVISORY: http://secunia.com/advisories/18501/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From local network SOFTWARE: Cisco CallManager 4.x http://secunia.com/product/5363/ Cisco CallManager 3.x http://secunia.com/product/2805/ DESCRIPTION: A vulnerability has been reported in Cisco CallManager, which can be exploited by malicious users to gain escalated privileges. The vulnerability is caused due to an error in the CCMAdmin web page. The vulnerability affects the following versions: * Cisco CallManager 3.2 and earlier * Cisco CallManager 3.3, versions earlier than 3.3(5)SR1 * Cisco CallManager 4.0, versions earlier than 4.0(2a)SR2c * Cisco CallManager 4.1, versions earlier than 4.1(3)SR2 SOLUTION: Fixes are available (see patch matrix in vendor advisory). http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmpe.shtml#software PROVIDED AND/OR DISCOVERED BY: The vendor credits CNLabs of Switzerland. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmpe.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2006-0367 // BID: 16293 // VULHUB: VHN-16475 // PACKETSTORM: 43193

AFFECTED PRODUCTS

vendor:	cisco	model:	call manager	scope:	eq	version:	3.3	Trust: 1.9
vendor:	cisco	model:	call manager	scope:	eq	version:	3.1	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.1\(3\)es07	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.1\(2\)es33	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3\(3\)es61	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3\(5\)	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3\(4\)es25	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.0\(2a\)sr2b	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.1\(3\)sr1	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3\(3\)	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.0\(2a\)es40	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.0	Trust: 1.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.2	Trust: 1.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.0	Trust: 1.3
vendor:	cisco	model:	call manager	scope:	eq	version:	2.0	Trust: 1.3
vendor:	cisco	model:	call manager	scope:	eq	version:	1.0	Trust: 1.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.1\(2\)	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	3.1\(3a\)	Trust: 1.0
vendor:	cisco	model:	call manager sr1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	call manager es07	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	call manager es33	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	call manager sr2b	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	call manager es40	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3(5)	Trust: 0.3
vendor:	cisco	model:	call manager es25	scope:	eq	version:	3.3	Trust: 0.3
vendor:	cisco	model:	call manager es61	scope:	eq	version:	3.3	Trust: 0.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3(3)	Trust: 0.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.1(2)	Trust: 0.3
vendor:	cisco	model:	call manager sr2	scope:	ne	version:	4.1	Trust: 0.3
vendor:	cisco	model:	call manager es32	scope:	ne	version:	4.1	Trust: 0.3
vendor:	cisco	model:	call manager es55	scope:	ne	version:	4.1	Trust: 0.3
vendor:	cisco	model:	call manager sr2c	scope:	ne	version:	4.0	Trust: 0.3
vendor:	cisco	model:	call manager es62	scope:	ne	version:	4.0	Trust: 0.3
vendor:	cisco	model:	call manager sr1a	scope:	ne	version:	3.3	Trust: 0.3
vendor:	cisco	model:	call manager es30	scope:	ne	version:	3.3	Trust: 0.3

sources: BID: 16293 // CNNVD: CNNVD-200601-288 // NVD: CVE-2006-0367

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-0367
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200601-288
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-16475
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-0367
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-16475
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-16475 // CNNVD: CNNVD-200601-288 // NVD: CVE-2006-0367

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2006-0367

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200601-288

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200601-288

EXTERNAL IDS

db:	BID	id:	16293	Trust: 2.0
db:	SECUNIA	id:	18501	Trust: 1.8
db:	NVD	id:	CVE-2006-0367	Trust: 1.7
db:	OSVDB	id:	22621	Trust: 1.7
db:	VUPEN	id:	ADV-2006-0250	Trust: 1.7
db:	SECTRACK	id:	1015502	Trust: 1.7
db:	CNNVD	id:	CNNVD-200601-288	Trust: 0.7
db:	XF	id:	24172	Trust: 0.6
db:	CISCO	id:	20060118 CISCO CALL MANAGER PRIVILEGE ESCALATION	Trust: 0.6
db:	VULHUB	id:	VHN-16475	Trust: 0.1
db:	PACKETSTORM	id:	43193	Trust: 0.1

sources: VULHUB: VHN-16475 // BID: 16293 // PACKETSTORM: 43193 // CNNVD: CNNVD-200601-288 // NVD: CVE-2006-0367

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmpe.shtml	Trust: 1.8
url:	http://www.securityfocus.com/bid/16293	Trust: 1.7
url:	http://www.osvdb.org/22621	Trust: 1.7
url:	http://securitytracker.com/id?1015502	Trust: 1.7
url:	http://secunia.com/advisories/18501	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2006/0250	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/24172	Trust: 1.1
url:	http://www.frsirt.com/english/advisories/2006/0250	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/24172	Trust: 0.6
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html	Trust: 0.3
url:	/archive/1/422375	Trust: 0.3
url:	http://secunia.com/product/2805/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/18501/	Trust: 0.1
url:	http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmpe.shtml#software	Trust: 0.1
url:	http://secunia.com/product/5363/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-16475 // BID: 16293 // PACKETSTORM: 43193 // CNNVD: CNNVD-200601-288 // NVD: CVE-2006-0367

CREDITS

CNLabs of Switzerland reported this issue to the vendor.

Trust: 0.9

sources: BID: 16293 // CNNVD: CNNVD-200601-288

SOURCES

db:	VULHUB	id:	VHN-16475
db:	BID	id:	16293
db:	PACKETSTORM	id:	43193
db:	CNNVD	id:	CNNVD-200601-288
db:	NVD	id:	CVE-2006-0367

LAST UPDATE DATE

2024-08-14T13:50:54.244000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-16475	date:	2017-07-20T00:00:00
db:	BID	id:	16293	date:	2006-02-07T20:55:00
db:	CNNVD	id:	CNNVD-200601-288	date:	2006-04-30T00:00:00
db:	NVD	id:	CVE-2006-0367	date:	2017-07-20T01:29:42.033

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-16475	date:	2006-01-22T00:00:00
db:	BID	id:	16293	date:	2006-01-18T00:00:00
db:	PACKETSTORM	id:	43193	date:	2006-01-19T17:33:40
db:	CNNVD	id:	CNNVD-200601-288	date:	2006-01-22T00:00:00
db:	NVD	id:	CVE-2006-0367	date:	2006-01-22T20:03:00