Vulnerability Details CVE-2006-0367
Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via a "crafted URL on the CCMAdmin web page."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 78.0%
CVSS Severity
CVSS v2 Score 6.5
References
- http://secunia.com/advisories/18501
- http://securitytracker.com/id?1015502
- http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmpe.shtml
- http://www.osvdb.org/22621
- http://www.securityfocus.com/bid/16293
- http://www.vupen.com/english/advisories/2006/0250
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24172
- http://secunia.com/advisories/18501
- http://securitytracker.com/id?1015502
- http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmpe.shtml
- http://www.osvdb.org/22621
- http://www.securityfocus.com/bid/16293
- http://www.vupen.com/english/advisories/2006/0250
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24172
Products affected by CVE-2006-0367
-
cpe:2.3:h:cisco:call_manager:1.0
-
cpe:2.3:h:cisco:call_manager:2.0
-
cpe:2.3:h:cisco:call_manager:3.0
-
cpe:2.3:h:cisco:call_manager:3.1
-
cpe:2.3:h:cisco:call_manager:3.1(2)
-
cpe:2.3:h:cisco:call_manager:3.1(3a)
-
cpe:2.3:h:cisco:call_manager:3.2
-
cpe:2.3:h:cisco:call_manager:3.3
-
cpe:2.3:h:cisco:call_manager:3.3(3)
-
cpe:2.3:h:cisco:call_manager:3.3(3)es61
-
cpe:2.3:h:cisco:call_manager:3.3(4)es25
-
cpe:2.3:h:cisco:call_manager:3.3(5)
-
cpe:2.3:h:cisco:call_manager:4.0
-
cpe:2.3:h:cisco:call_manager:4.0(2a)es40
-
cpe:2.3:h:cisco:call_manager:4.0(2a)sr2b
-
cpe:2.3:h:cisco:call_manager:4.1(2)es33
-
cpe:2.3:h:cisco:call_manager:4.1(3)es07
-
cpe:2.3:h:cisco:call_manager:4.1(3)sr1