ID

VAR-200608-0476


CVE

CVE-2006-4032


TITLE

Cisco IOS CME Session Initiation Protocol (SIP) vulnerability allowing important information to be obtained from the user directory

Trust: 0.8

sources: JVNDB: JVNDB-2006-001049

DESCRIPTION

Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417. Cisco CallManager Express is prone to an information-disclosure vulnerability because the application fails to protect sensitive data from an attacker. An attacker could exploit this issue to retrieve potentially sensitive information that may aid in further attacks.

TITLE: Cisco CallManager Express SIP User Directory Disclosure
SECUNIA ADVISORY ID: SA21335
VERIFY ADVISORY: http://secunia.com/advisories/21335/
CRITICAL: Not critical
IMPACT: Exposure of sensitive information
WHERE: From local network
SOFTWARE: Cisco CallManager Express 3.x http://secunia.com/product/11230/
DESCRIPTION: A weakness has been reported in Cisco CallManager Express, which can be exploited by malicious people to disclose potentially sensitive information. This can be exploited to disclose the names of the users in the SIP user database by sending specially crafted SIP messages.
SOLUTION: The vendor recommends implementing the VoIP (Voice over Internet Protocol) infrastructure and data devices on separate VLANs according to best security practices.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Dave Endler and Mark Collier.
ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sr-20060802-sip.shtml

Trust: 2.07

sources: NVD: CVE-2006-4032 // JVNDB: JVNDB-2006-001049 // BID: 19309 // VULHUB: VHN-20140 // PACKETSTORM: 48803

AFFECTED PRODUCTS

vendor: cisco, model: callmanager express, scope: eq, version: 3.0

Trust: 1.9

vendor: cisco, model: callmanager express, scope: -, version: -

Trust: 0.8

sources: BID: 19309 // JVNDB: JVNDB-2006-001049 // CNNVD: CNNVD-200608-137 // NVD: CVE-2006-4032

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-4032
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-4032
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200608-137
value: MEDIUM

Trust: 0.6

VULHUB: VHN-20140
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-4032
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-20140
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-20140 // JVNDB: JVNDB-2006-001049 // CNNVD: CNNVD-200608-137 // NVD: CVE-2006-4032

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-4032

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200608-137

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200608-137

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001049

PATCH

title: cisco-sa-20060823-vpn3k, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20060823-vpn3k

Trust: 0.8

sources: JVNDB: JVNDB-2006-001049

EXTERNAL IDS

db: NVD, id: CVE-2006-4032

Trust: 2.5

db: BID, id: 19309

Trust: 2.0

db: SECUNIA, id: 21335

Trust: 1.8

db: OSVDB, id: 27760

Trust: 1.7

db: SECTRACK, id: 1016627

Trust: 1.7

db: VUPEN, id: ADV-2006-3126

Trust: 1.7

db: JVNDB, id: JVNDB-2006-001049

Trust: 0.8

db: CNNVD, id: CNNVD-200608-137

Trust: 0.7

db: XF, id: 28185

Trust: 0.6

db: CISCO, id: 20060802 SIP USER DIRECTORY INFORMATION DISCLOSURE

Trust: 0.6

db: VULHUB, id: VHN-20140

Trust: 0.1

db: PACKETSTORM, id: 48803

Trust: 0.1

sources: VULHUB: VHN-20140 // BID: 19309 // JVNDB: JVNDB-2006-001049 // PACKETSTORM: 48803 // CNNVD: CNNVD-200608-137 // NVD: CVE-2006-4032

REFERENCES

url:http://www.cisco.com/warp/public/707/cisco-sr-20060802-sip.shtml

Trust: 1.8

url:http://www.securityfocus.com/bid/19309

Trust: 1.7

url:http://www.blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html#endler

Trust: 1.7

url:http://www.osvdb.org/27760

Trust: 1.7

url:http://securitytracker.com/id?1016627

Trust: 1.7

url:http://secunia.com/advisories/21335

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/3126

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/28185

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4032

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4032

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/28185

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/3126

Trust: 0.6

url:http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html

Trust: 0.3

url:http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml

Trust: 0.3

url:http://www.cisco.com/en/us/products/ps6241/index.html

Trust: 0.3

url:/archive/1/440580

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/11230/

Trust: 0.1

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/21335/

Trust: 0.1

sources: VULHUB: VHN-20140 // BID: 19309 // JVNDB: JVNDB-2006-001049 // PACKETSTORM: 48803 // CNNVD: CNNVD-200608-137 // NVD: CVE-2006-4032

CREDITS

The vendor credits Dave Endler with discovery of this vulnerability.

Trust: 0.9

sources: BID: 19309 // CNNVD: CNNVD-200608-137

SOURCES

db: VULHUB, id: VHN-20140
db: BID, id: 19309
db: JVNDB, id: JVNDB-2006-001049
db: PACKETSTORM, id: 48803
db: CNNVD, id: CNNVD-200608-137
db: NVD, id: CVE-2006-4032

LAST UPDATE DATE

2024-08-14T15:35:56.190000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-20140, date: 2017-07-20T00:00:00
db: BID, id: 19309, date: 2006-08-03T17:46:00
db: JVNDB, id: JVNDB-2006-001049, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200608-137, date: 2006-08-10T00:00:00
db: NVD, id: CVE-2006-4032, date: 2017-07-20T01:32:46.680

SOURCES RELEASE DATE

db: VULHUB, id: VHN-20140, date: 2006-08-09T00:00:00
db: BID, id: 19309, date: 2006-08-02T00:00:00
db: JVNDB, id: JVNDB-2006-001049, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 48803, date: 2006-08-10T00:40:54
db: CNNVD, id: CNNVD-200608-137, date: 2006-08-09T00:00:00
db: NVD, id: CVE-2006-4032, date: 2006-08-09T22:04:00