Cisco CallManager CCMAdmin administrative privilege escalation

cisco-callmanager-ccmadmin-gain-priv (24172) The risk level is classified as HighHigh Risk

Description:

Cisco CallManager could allow a remote attacker to gain elevated privileges, caused by a vulnerability that exists when Multi Level Administration (MLA) is enabled. By sending a specially-crafted URL to the CCMAdmin Web page, a remote attacker with read-only administrative privileges could gain full administrative privileges on an affected version of Cisco CallManager.


Consequences:

Gain Privileges

Remedy:

Refer to Cisco Security Advisory cisco-sa-20060118-ccmpe for upgrade and workaround information. See References.

References:

  • Cisco CallManager Web page: Introduction.
  • cisco-sa-20060118-ccmpe: Cisco Security Advisory: Cisco Call Manager Privilege Escalation.
  • BID-16293: Cisco CallManager CCMAdmin Remote Privilege Escalation Vulnerability
  • CVE-2006-0367: Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via a crafted URL on the CCMAdmin web page.
  • OSVDB ID: 22621: Cisco CallManager CCMAdmin Crafted URL Privilege Escalation
  • SA18501: Cisco Call Manager CCMAdmin Privilege Escalation
  • SECTRACK ID: 1015502: Cisco CallManager Bug Lets Read-Only Administrators Gain Full Administrator Privileges
  • VUPEN/ADV-2006-0250: Cisco Call Manager CCMAdmin Local Privilege Escalation Vulnerability

Platforms Affected:

  • Cisco CallManager 1.0
  • Cisco CallManager 2.0
  • Cisco CallManager 3.0
  • Cisco CallManager 3.1
  • Cisco CallManager 3.1(2)
  • Cisco CallManager 3.1(3A)
  • Cisco CallManager 3.2
  • Cisco CallManager 3.3
  • Cisco CallManager 3.3(3)
  • Cisco CallManager 3.3(3)ES61
  • Cisco CallManager 3.3(4)ES25
  • Cisco CallManager 3.3(5)
  • Cisco CallManager 4.0
  • Cisco CallManager 4.0(2A)ES40
  • Cisco CallManager 4.0(2A)SR2b
  • Cisco CallManager 4.1(2)ES33
  • Cisco CallManager 4.1(3)ES07
  • Cisco CallManager 4.1(3)SR1

Reported:

Jan 18, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page