CVE-2006-0367

Name of the Vulnerable Software and Affected Versions Cisco CallManager versions 3.2 and earlier Cisco CallManager version 3.3 before 3.3(5)SR1 Cisco CallManager version 4.0 before 4.0(2a)SR2c Cisco CallManager version 4.1 before 4.1(3)SR2

Description The issue allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via a crafted URL on the CCMAdmin web page.

Recommendations For Cisco CallManager versions 3.2 and earlier, update to a version later than 3.2. For Cisco CallManager version 3.3, update to 3.3(5)SR1 or later. For Cisco CallManager version 4.0, update to 4.0(2a)SR2c or later. For Cisco CallManager version 4.1, update to 4.1(3)SR2 or later.