CVE-2006-0367

Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via a crafted URL on the CCMAdmin web page.

Affected Software

Name	Vendor	Start Version	End Version
Call_manager	Cisco	1.0 (including)	1.0 (including)
Call_manager	Cisco	2.0 (including)	2.0 (including)
Call_manager	Cisco	3.0 (including)	3.0 (including)
Call_manager	Cisco	3.1 (including)	3.1 (including)
Call_manager	Cisco	3.1(2) (including)	3.1(2) (including)
Call_manager	Cisco	3.1(3a) (including)	3.1(3a) (including)
Call_manager	Cisco	3.2 (including)	3.2 (including)
Call_manager	Cisco	3.3 (including)	3.3 (including)
Call_manager	Cisco	3.3(3) (including)	3.3(3) (including)
Call_manager	Cisco	3.3(3)es61 (including)	3.3(3)es61 (including)
Call_manager	Cisco	3.3(4)es25 (including)	3.3(4)es25 (including)
Call_manager	Cisco	3.3(5) (including)	3.3(5) (including)
Call_manager	Cisco	4.0 (including)	4.0 (including)
Call_manager	Cisco	4.0(2a)es40 (including)	4.0(2a)es40 (including)
Call_manager	Cisco	4.0(2a)sr2b (including)	4.0(2a)sr2b (including)
Call_manager	Cisco	4.1(2)es33 (including)	4.1(2)es33 (including)
Call_manager	Cisco	4.1(3)es07 (including)	4.1(3)es07 (including)
Call_manager	Cisco	4.1(3)sr1 (including)	4.1(3)sr1 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-0367
CWE	https://cwe.mitre.org/data/definitions/.html

Affected Software

References