ID

VAR-200601-0325


CVE

CVE-2006-0367


TITLE

Cisco CallManager CCMAdmin Remote privilege elevation vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200601-288

DESCRIPTION

Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via a "crafted URL on the CCMAdmin web page.". Cisco CallManager is susceptible to a remote privilege escalation vulnerability. This issue is due to a failure of the application to properly enforce access controls. This issue is only exploitable when Multi Level Administration is enabled, and users are granted read-only administrative access via the CCMAdmin Web interface. TITLE: Cisco Call Manager CCMAdmin Privilege Escalation SECUNIA ADVISORY ID: SA18501 VERIFY ADVISORY: http://secunia.com/advisories/18501/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From local network SOFTWARE: Cisco CallManager 4.x http://secunia.com/product/5363/ Cisco CallManager 3.x http://secunia.com/product/2805/ DESCRIPTION: A vulnerability has been reported in Cisco CallManager, which can be exploited by malicious users to gain escalated privileges. The vulnerability is caused due to an error in the CCMAdmin web page. The vulnerability affects the following versions: * Cisco CallManager 3.2 and earlier * Cisco CallManager 3.3, versions earlier than 3.3(5)SR1 * Cisco CallManager 4.0, versions earlier than 4.0(2a)SR2c * Cisco CallManager 4.1, versions earlier than 4.1(3)SR2 SOLUTION: Fixes are available (see patch matrix in vendor advisory). http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmpe.shtml#software PROVIDED AND/OR DISCOVERED BY: The vendor credits CNLabs of Switzerland. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmpe.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2006-0367 // BID: 16293 // VULHUB: VHN-16475 // PACKETSTORM: 43193

AFFECTED PRODUCTS

vendor:ciscomodel:call managerscope:eqversion:3.3

Trust: 1.9

vendor:ciscomodel:call managerscope:eqversion:3.1

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:4.1\(3\)es07

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:4.1\(2\)es33

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:3.3\(3\)es61

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:3.3\(5\)

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:3.3\(4\)es25

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:4.0\(2a\)sr2b

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:4.1\(3\)sr1

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:3.3\(3\)

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:4.0\(2a\)es40

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:4.0

Trust: 1.3

vendor:ciscomodel:call managerscope:eqversion:3.2

Trust: 1.3

vendor:ciscomodel:call managerscope:eqversion:3.0

Trust: 1.3

vendor:ciscomodel:call managerscope:eqversion:2.0

Trust: 1.3

vendor:ciscomodel:call managerscope:eqversion:1.0

Trust: 1.3

vendor:ciscomodel:call managerscope:eqversion:3.1\(2\)

Trust: 1.0

vendor:ciscomodel:call managerscope:eqversion:3.1\(3a\)

Trust: 1.0

vendor:ciscomodel:call manager sr1scope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager es07scope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager es33scope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager sr2bscope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:call manager es40scope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:call managerscope:eqversion:3.3(5)

Trust: 0.3

vendor:ciscomodel:call manager es25scope:eqversion:3.3

Trust: 0.3

vendor:ciscomodel:call manager es61scope:eqversion:3.3

Trust: 0.3

vendor:ciscomodel:call managerscope:eqversion:3.3(3)

Trust: 0.3

vendor:ciscomodel:call managerscope:eqversion:3.1(2)

Trust: 0.3

vendor:ciscomodel:call manager sr2scope:neversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager es32scope:neversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager es55scope:neversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager sr2cscope:neversion:4.0

Trust: 0.3

vendor:ciscomodel:call manager es62scope:neversion:4.0

Trust: 0.3

vendor:ciscomodel:call manager sr1ascope:neversion:3.3

Trust: 0.3

vendor:ciscomodel:call manager es30scope:neversion:3.3

Trust: 0.3

sources: BID: 16293 // CNNVD: CNNVD-200601-288 // NVD: CVE-2006-0367

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0367
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200601-288
value: MEDIUM

Trust: 0.6

VULHUB: VHN-16475
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-0367
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-16475
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-16475 // CNNVD: CNNVD-200601-288 // NVD: CVE-2006-0367

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2006-0367

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200601-288

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200601-288

EXTERNAL IDS

db:BIDid:16293

Trust: 2.0

db:SECUNIAid:18501

Trust: 1.8

db:NVDid:CVE-2006-0367

Trust: 1.7

db:OSVDBid:22621

Trust: 1.7

db:VUPENid:ADV-2006-0250

Trust: 1.7

db:SECTRACKid:1015502

Trust: 1.7

db:CNNVDid:CNNVD-200601-288

Trust: 0.7

db:XFid:24172

Trust: 0.6

db:CISCOid:20060118 CISCO CALL MANAGER PRIVILEGE ESCALATION

Trust: 0.6

db:VULHUBid:VHN-16475

Trust: 0.1

db:PACKETSTORMid:43193

Trust: 0.1

sources: VULHUB: VHN-16475 // BID: 16293 // PACKETSTORM: 43193 // CNNVD: CNNVD-200601-288 // NVD: CVE-2006-0367

REFERENCES

url:http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmpe.shtml

Trust: 1.8

url:http://www.securityfocus.com/bid/16293

Trust: 1.7

url:http://www.osvdb.org/22621

Trust: 1.7

url:http://securitytracker.com/id?1015502

Trust: 1.7

url:http://secunia.com/advisories/18501

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/0250

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/24172

Trust: 1.1

url:http://www.frsirt.com/english/advisories/2006/0250

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/24172

Trust: 0.6

url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html

Trust: 0.3

url:/archive/1/422375

Trust: 0.3

url:http://secunia.com/product/2805/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/18501/

Trust: 0.1

url:http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmpe.shtml#software

Trust: 0.1

url:http://secunia.com/product/5363/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-16475 // BID: 16293 // PACKETSTORM: 43193 // CNNVD: CNNVD-200601-288 // NVD: CVE-2006-0367

CREDITS

CNLabs of Switzerland reported this issue to the vendor.

Trust: 0.9

sources: BID: 16293 // CNNVD: CNNVD-200601-288

SOURCES

db:VULHUBid:VHN-16475
db:BIDid:16293
db:PACKETSTORMid:43193
db:CNNVDid:CNNVD-200601-288
db:NVDid:CVE-2006-0367

LAST UPDATE DATE

2024-11-23T22:20:08.546000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-16475date:2017-07-20T00:00:00
db:BIDid:16293date:2006-02-07T20:55:00
db:CNNVDid:CNNVD-200601-288date:2006-04-30T00:00:00
db:NVDid:CVE-2006-0367date:2024-11-21T00:06:18.083

SOURCES RELEASE DATE

db:VULHUBid:VHN-16475date:2006-01-22T00:00:00
db:BIDid:16293date:2006-01-18T00:00:00
db:PACKETSTORMid:43193date:2006-01-19T17:33:40
db:CNNVDid:CNNVD-200601-288date:2006-01-22T00:00:00
db:NVDid:CVE-2006-0367date:2006-01-22T20:03:00