Description
Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via a "crafted URL on the CCMAdmin web page."
Affected products
- Cisco / call_manager1.0 – 1.0
- Cisco / call_manager2.0 – 2.0
- Cisco / call_manager3.0 – 3.0
- Cisco / call_manager3.1 – 3.1
- Cisco / call_manager3.1(2) – 3.1(2)
- Cisco / call_manager3.1(3a) – 3.1(3a)
- Cisco / call_manager3.2 – 3.2
- Cisco / call_manager3.3 – 3.3
- Cisco / call_manager3.3(3) – 3.3(3)
- Cisco / call_manager3.3(3)es61 – 3.3(3)es61
- Cisco / call_manager3.3(4)es25 – 3.3(4)es25
- Cisco / call_manager3.3(5) – 3.3(5)
- Cisco / call_manager4.0 – 4.0
- Cisco / call_manager4.0(2a)es40 – 4.0(2a)es40
- Cisco / call_manager4.0(2a)sr2b – 4.0(2a)sr2b
- Cisco / call_manager4.1(2)es33 – 4.1(2)es33
- Cisco / call_manager4.1(3)es07 – 4.1(3)es07
- Cisco / call_manager4.1(3)sr1 – 4.1(3)sr1
References
- VENDOR_ADVISORYhttp://secunia.com/advisories/18501
- VENDOR_ADVISORYhttp://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmpe.shtml
- MISChttp://www.securityfocus.com/bid/16293
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/24172
- MISChttp://securitytracker.com/id?1015502
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/0250
- MISChttp://www.osvdb.org/22621