Sign-up

ID

VAR-200606-0023


CVE

CVE-2006-3109


TITLE

Cisco CallManager Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2006-004032

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657. This issue is due to a failure in the web-interface to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting administrative user in the context of the affected site. This may help the attacker launch other attacks

Trust: 1.98

sources: NVD: CVE-2006-3109 // JVNDB: JVNDB-2006-004032 // BID: 18504 // VULHUB: VHN-19217

AFFECTED PRODUCTS

vendor:ciscomodel:call managerscope:eqversion:3.3

Trust: 1.9

vendor:ciscomodel:call managerscope:eqversion:3.3\(5\)es30

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:3.3\(5\)sr2

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:4.1\(2\)es33

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:3.3\(3\)es61

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:3.3\(5\)

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:4.1

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:3.3\(4\)es25

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:3.3\(5\)sr1

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:3.3\(3\)

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:4.1\(3\)es07

Trust: 1.0

vendor:ciscomodel:call managerscope:eqversion:4.1\(3\)es32

Trust: 1.0

vendor:ciscomodel:call managerscope:eqversion:4.2\(1\)

Trust: 1.0

vendor:ciscomodel:call managerscope:eqversion:4.1\(3\)sr2

Trust: 1.0

vendor:ciscomodel:call managerscope:eqversion:4.1\(2\)es55

Trust: 1.0

vendor:ciscomodel:call managerscope:eqversion:4.2\(2\)

Trust: 1.0

vendor:ciscomodel:call managerscope:eqversion:4.1\(3\)sr3

Trust: 1.0

vendor:ciscomodel:call managerscope:eqversion:4.3\(1\)

Trust: 1.0

vendor:ciscomodel:call managerscope:eqversion:4.3

Trust: 1.0

vendor:ciscomodel:call managerscope:eqversion:4.2

Trust: 1.0

vendor:ciscomodel:call managerscope:eqversion:4.1\(3\)sr1

Trust: 1.0

vendor:ciscomodel:call managerscope:ltversion:3.3

Trust: 0.8

vendor:ciscomodel:call managerscope:eqversion:4.2(3)

Trust: 0.8

vendor:ciscomodel:call managerscope:ltversion:4.2

Trust: 0.8

vendor:ciscomodel:call managerscope:ltversion:4.3

Trust: 0.8

vendor:ciscomodel:call managerscope:eqversion:4.1(3)sr4

Trust: 0.8

vendor:ciscomodel:call managerscope:ltversion:4.1

Trust: 0.8

vendor:ciscomodel:call managerscope:eqversion:4.3(1)

Trust: 0.8

vendor:ciscomodel:call managerscope:eqversion:3.3(5)sr3

Trust: 0.8

vendor:ciscomodel:call managerscope:eqversion:3.1

Trust: 0.6

vendor:ciscomodel:call manager sr2scope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager sr1scope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager es32scope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager es24scope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager es07scope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager es55scope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager es50scope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager es33scope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager sr2cscope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:call manager sr2bscope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:call manager es62scope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:call manager es56scope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:call manager es40scope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:call managerscope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:call manager sr1ascope:eqversion:3.3

Trust: 0.3

vendor:ciscomodel:call manager es30scope:eqversion:3.3

Trust: 0.3

vendor:ciscomodel:call manager es24scope:eqversion:3.3

Trust: 0.3

vendor:ciscomodel:call managerscope:eqversion:3.3(5)

Trust: 0.3

vendor:ciscomodel:call manager es25scope:eqversion:3.3

Trust: 0.3

vendor:ciscomodel:call manager es61scope:eqversion:3.3

Trust: 0.3

vendor:ciscomodel:call managerscope:eqversion:3.3(3)

Trust: 0.3

vendor:ciscomodel:call managerscope:eqversion:3.2

Trust: 0.3

vendor:ciscomodel:call managerscope:eqversion:3.1(2)

Trust: 0.3

vendor:ciscomodel:call managerscope:neversion:4.3(1)

Trust: 0.3

vendor:ciscomodel:call managerscope:neversion:4.2(3)

Trust: 0.3

vendor:ciscomodel:call manager 4.1 sr4scope:neversion: -

Trust: 0.3

vendor:ciscomodel:call manager 3.3 sr3scope:neversion: -

Trust: 0.3

sources: BID: 18504 // JVNDB: JVNDB-2006-004032 // CNNVD: CNNVD-200606-379 // NVD: CVE-2006-3109

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-3109
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-3109
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200606-379
value: MEDIUM

Trust: 0.6

VULHUB: VHN-19217
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-3109
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-19217
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-19217 // JVNDB: JVNDB-2006-004032 // CNNVD: CNNVD-200606-379 // NVD: CVE-2006-3109

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-3109

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200606-379

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200606-379

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2006-004032

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-19217

PATCH
title:tsd_products_security_response09186a0080url:http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_security_response09186a00806c0846.html
Trust: 0.8
title:cisco-callmanager-web-xss(27225)url:http://xforce.iss.net/xforce/xfdb/27225
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2006-004032

EXTERNAL IDS
db:NVDid:CVE-2006-3109
Trust: 2.5
db:BIDid:18504
Trust: 2.0
db:VUPENid:ADV-2006-2443
Trust: 1.7
db:SECTRACKid:1016328
Trust: 1.7
db:OSVDBid:26651
Trust: 1.7
db:OSVDBid:26652
Trust: 1.7
db:SREASONid:1114
Trust: 1.7
db:SECUNIAid:20735
Trust: 1.7
db:JVNDBid:JVNDB-2006-004032
Trust: 0.8
db:CNNVDid:CNNVD-200606-379
Trust: 0.7
db:CISCOid:20060619 CISCO RESPONSE TO: INPUT VALIDATION/OUTPUT ENCODING VULNERABILITIES IN CISCO CALLMANAGER ALLOW SCRIPT INJECTION ATTACKS
Trust: 0.6
db:FULLDISCid:20060619 INPUT VALIDATION/OUTPUT ENCODING VULNERABILITIES IN CISCO CALLMANAGER ALLOW SCRIPT INJECTION ATTACKS
Trust: 0.6
db:FULLDISCid:20060620 RE: INPUT VALIDATION/OUTPUT ENCODING VULNERABILITIES IN CISCO CALLMANAGER ALLOW SCRIPT INJECTION ATTACKS
Trust: 0.6
db:BUGTRAQid:20060619 INPUT VALIDATION/OUTPUT ENCODING VULNERABILITIES IN CISCO CALLMANAGER ALLOW SCRIPT INJECTION ATTACKS
Trust: 0.6
db:XFid:27225
Trust: 0.6
db:SEEBUGid:SSVID-81642
Trust: 0.1
db:SEEBUGid:SSVID-81643
Trust: 0.1
db:EXPLOIT-DBid:28062
Trust: 0.1
db:EXPLOIT-DBid:28061
Trust: 0.1
db:VULHUBid:VHN-19217
Trust: 0.1
sources:
            
            
            VULHUB: VHN-19217 // 
            
            
            
            BID: 18504 // 
            
            
            
            JVNDB: JVNDB-2006-004032 // 
            
            
            
            CNNVD: CNNVD-200606-379 // 
            
            
            
            NVD: CVE-2006-3109

REFERENCES
url:http://www.fishnetsecurity.com/csirt/disclosure/cisco/cisco+callmanager+xss+advisory.htm
Trust: 2.0
url:http://www.securityfocus.com/bid/18504
Trust: 1.7
url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/tsd_products_security_response09186a00806c0846.html
Trust: 1.7
url:http://lists.grok.org.uk/pipermail/full-disclosure/2006-june/047015.html
Trust: 1.7
url:http://lists.grok.org.uk/pipermail/full-disclosure/2006-june/047019.html
Trust: 1.7
url:http://www.osvdb.org/26651
Trust: 1.7
url:http://www.osvdb.org/26652
Trust: 1.7
url:http://securitytracker.com/id?1016328
Trust: 1.7
url:http://secunia.com/advisories/20735
Trust: 1.7
url:http://securityreason.com/securityalert/1114
Trust: 1.7
url:http://www.securityfocus.com/archive/1/437757/100/0/threaded
Trust: 1.1
url:http://www.vupen.com/english/advisories/2006/2443
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27225
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3109
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3109
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/437757/100/0/threaded
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/27225
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2006/2443
Trust: 0.6
url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html
Trust: 0.3
url:http://www.cisco.com/warp/public/707/cisco-sr-20060619-ccmxss.shtml
Trust: 0.3
url:/archive/1/437757
Trust: 0.3
sources:
            
            
            VULHUB: VHN-19217 // 
            
            
            
            BID: 18504 // 
            
            
            
            JVNDB: JVNDB-2006-004032 // 
            
            
            
            CNNVD: CNNVD-200606-379 // 
            
            
            
            NVD: CVE-2006-3109

CREDITS
Jake Reynolds of FishNet Security is credited with the discovery of this vulnerability.
Trust: 0.9
sources:
            
            
            BID: 18504 // 
            
            
            
            CNNVD: CNNVD-200606-379

SOURCES
db:VULHUBid:VHN-19217
db:BIDid:18504
db:JVNDBid:JVNDB-2006-004032
db:CNNVDid:CNNVD-200606-379
db:NVDid:CVE-2006-3109

LAST UPDATE DATE
2024-08-14T13:39:43.915000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-19217date:2018-10-18T00:00:00
db:BIDid:18504date:2006-06-20T20:10:00
db:JVNDBid:JVNDB-2006-004032date:2014-03-11T00:00:00
db:CNNVDid:CNNVD-200606-379date:2006-06-22T00:00:00
db:NVDid:CVE-2006-3109date:2018-10-18T16:45:49.813

SOURCES RELEASE DATE
db:VULHUBid:VHN-19217date:2006-06-21T00:00:00
db:BIDid:18504date:2006-06-19T00:00:00
db:JVNDBid:JVNDB-2006-004032date:2014-03-11T00:00:00
db:CNNVDid:CNNVD-200606-379date:2006-06-20T00:00:00
db:NVDid:CVE-2006-3109date:2006-06-21T01:02:00