Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via a crafted URL on the CCMAdmin web page.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Call_manager | Cisco | 1.0 (including) | 1.0 (including) |
| Call_manager | Cisco | 2.0 (including) | 2.0 (including) |
| Call_manager | Cisco | 3.0 (including) | 3.0 (including) |
| Call_manager | Cisco | 3.1 (including) | 3.1 (including) |
| Call_manager | Cisco | 3.1(2) (including) | 3.1(2) (including) |
| Call_manager | Cisco | 3.1(3a) (including) | 3.1(3a) (including) |
| Call_manager | Cisco | 3.2 (including) | 3.2 (including) |
| Call_manager | Cisco | 3.3 (including) | 3.3 (including) |
| Call_manager | Cisco | 3.3(3) (including) | 3.3(3) (including) |
| Call_manager | Cisco | 3.3(3)es61 (including) | 3.3(3)es61 (including) |
| Call_manager | Cisco | 3.3(4)es25 (including) | 3.3(4)es25 (including) |
| Call_manager | Cisco | 3.3(5) (including) | 3.3(5) (including) |
| Call_manager | Cisco | 4.0 (including) | 4.0 (including) |
| Call_manager | Cisco | 4.0(2a)es40 (including) | 4.0(2a)es40 (including) |
| Call_manager | Cisco | 4.0(2a)sr2b (including) | 4.0(2a)sr2b (including) |
| Call_manager | Cisco | 4.1(2)es33 (including) | 4.1(2)es33 (including) |
| Call_manager | Cisco | 4.1(3)es07 (including) | 4.1(3)es07 (including) |
| Call_manager | Cisco | 4.1(3)sr1 (including) | 4.1(3)sr1 (including) |