Vulnerabilities > CVE-2006-0367 - Remote Privilege Escalation vulnerability in Cisco CallManager CCMAdmin

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

cisco

NVD

Published: 2006-01-22

Updated: 2017-07-20

Summary

Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via a "crafted URL on the CCMAdmin web page."

Vulnerable Configurations

Part	Description	Count
Hardware	Cisco Cisco Call Manager 1.0 Cisco Call Manager 2.0 Cisco Call Manager 3.0 Cisco Call Manager 3.1 Cisco Call Manager 3.1\(2\) Cisco Call Manager 3.1\(3A\) Cisco Call Manager 3.2 Cisco Call Manager 3.3 Cisco Call Manager 3.3\(3\) Cisco Call Manager 3.3\(3\)Es61 Cisco Call Manager 3.3\(4\)Es25 Cisco Call Manager 3.3\(5\) Cisco Call Manager 4.0 Cisco Call Manager 4.0\(2A\)Es40 Cisco Call Manager 4.0\(2A\)Sr2B Cisco Call Manager 4.1\(2\)Es33 Cisco Call Manager 4.1\(3\)Es07 Cisco Call Manager 4.1\(3\)Sr1	18

Summary

Vulnerable Configurations

References