CVE-2017-6624: Improper Authentication in Cisco IOS

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.3% (top 47.54%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 3
Latest update: May 13

Description

A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker could exploit this vulnerability to place unauthorized, long-distance phone calls by using an affected system. Cisco Bug IDs: CSCuy40939.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (1 package)

NVD: cisco/ios 15.5(3)m

🔴 Vulnerability Details (2)

GHSA
GHSA-7wfp-wp4q-449j: A vulnerability in Cisco IOS 15 (2022-05-13)
CVEList
CVE-2017-6624: A vulnerability in Cisco IOS 15 (2017-05-03)

📋 Vendor Advisories (1)

Cisco
Cisco CallManager Express Unauthorized Access Vulnerability (2017-05-03)