CVE-2006-0367

CWE-2644 documents4 sources

Severity

6.5MEDIUM

EPSS

1.2%

top 20.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Call Manager

Timeline

PublishedJan 22

Latest updateMay 1

Description

Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via a "crafted URL on the CCMAdmin web page."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDcisco/call_manager18 versions+17

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-frmh-p5vf-w2c9: Unspecified vulnerability in Cisco CallManager 3↗2022-05-01

▶

CVEList

CVE-2006-0367: Unspecified vulnerability in Cisco CallManager 3↗2006-01-22

▶

📋Vendor Advisories

Cisco

Cisco Call Manager Privilege Escalation↗2006-01-18

▶