PT-2006-4007 · Cisco · Cisco Callmanager
Arian Evans +1 · Published 2006-06-21 · Updated 2018-10-18 · CVE-2006-3109
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Cisco CallManager versions 3.3 before 3.3(5)SR3
Cisco CallManager versions 4.1 before 4.1(3)SR4
Cisco CallManager versions 4.2 before 4.2(3)
Cisco CallManager versions 4.3 before 4.3(1)
Description
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This is achieved via the pattern parameter in "ccmadmin/phonelist.asp" and arbitrary parameters in "ccmuser/logon.asp".
Recommendations
For Cisco CallManager version 3.3, update to 3.3(5)SR3 or later.
For Cisco CallManager version 4.1, update to 4.1(3)SR4 or later.
For Cisco CallManager version 4.2, update to 4.2(3) or later.
For Cisco CallManager version 4.3, update to 4.3(1) or later.
Affected Products
Cisco Callmanager