CVE-2006-0367

Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via a "crafted URL on the CCMAdmin web page."

Published: Jan 22, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-0367
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / call_manager	4.1(3)es07	4.1(3)es07.x
cisco / call_manager	3.0	3.0.x
cisco / call_manager	3.1(3a)	3.1(3a).x
cisco / call_manager	1.0	1.0.x
cisco / call_manager	3.3(5)	3.3(5).x
cisco / call_manager	4.1(3)sr1	4.1(3)sr1.x
cisco / call_manager	3.3(3)es61	3.3(3)es61.x
cisco / call_manager	3.3(4)es25	3.3(4)es25.x
cisco / call_manager	3.2	3.2.x
cisco / call_manager	3.1(2)	3.1(2).x
cisco / call_manager	4.0(2a)es40	4.0(2a)es40.x
cisco / call_manager	3.3	3.3.x
cisco / call_manager	2.0	2.0.x
cisco / call_manager	3.1	3.1.x
cisco / call_manager	4.0	4.0.x
cisco / call_manager	4.1(2)es33	4.1(2)es33.x
cisco / call_manager	3.3(3)	3.3(3).x
cisco / call_manager	4.0(2a)sr2b	4.0(2a)sr2b.x

Vulnerability Database

289,599

CVE-2006-0367