Lucene search

MitreCVE-2006-3109

HistoryJun 21, 2006 - 1:02 a.m.

CVE-2006-3109

2006-06-2101:02:00

mitre

web.nvd.nist.gov

cve-2006-3109

xss

cisco callmanager

security vulnerability

web script

html

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.007

Percentile

80.9%

JSON

Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657.

Affected configurations

Nvd

Node

ciscocall_managerMatch3.3

ciscocall_managerMatch3.3\(3\)

ciscocall_managerMatch3.3\(3\)es61

ciscocall_managerMatch3.3\(4\)es25

ciscocall_managerMatch3.3\(5\)

ciscocall_managerMatch3.3\(5\)es30

ciscocall_managerMatch3.3\(5\)sr1

ciscocall_managerMatch3.3\(5\)sr2

ciscocall_managerMatch4.1

ciscocall_managerMatch4.1\(2\)es33

ciscocall_managerMatch4.1\(2\)es55

ciscocall_managerMatch4.1\(3\)es07

ciscocall_managerMatch4.1\(3\)es32

ciscocall_managerMatch4.1\(3\)sr1

ciscocall_managerMatch4.1\(3\)sr2

ciscocall_managerMatch4.1\(3\)sr3

ciscocall_managerMatch4.2

ciscocall_managerMatch4.2\(1\)

ciscocall_managerMatch4.2\(2\)

ciscocall_managerMatch4.3

ciscocall_managerMatch4.3\(1\)

VendorProductVersionCPE
ciscocall_manager3.3cpe:2.3:h:cisco:call_manager:3.3:*:*:*:*:*:*:*
ciscocall_manager3.3(3)cpe:2.3:h:cisco:call_manager:3.3\(3\):*:*:*:*:*:*:*
ciscocall_manager3.3(3)es61cpe:2.3:h:cisco:call_manager:3.3\(3\)es61:*:*:*:*:*:*:*
ciscocall_manager3.3(4)es25cpe:2.3:h:cisco:call_manager:3.3\(4\)es25:*:*:*:*:*:*:*
ciscocall_manager3.3(5)cpe:2.3:h:cisco:call_manager:3.3\(5\):*:*:*:*:*:*:*
ciscocall_manager3.3(5)es30cpe:2.3:h:cisco:call_manager:3.3\(5\)es30:*:*:*:*:*:*:*
ciscocall_manager3.3(5)sr1cpe:2.3:h:cisco:call_manager:3.3\(5\)sr1:*:*:*:*:*:*:*
ciscocall_manager3.3(5)sr2cpe:2.3:h:cisco:call_manager:3.3\(5\)sr2:*:*:*:*:*:*:*
ciscocall_manager4.1cpe:2.3:h:cisco:call_manager:4.1:*:*:*:*:*:*:*
ciscocall_manager4.1(2)es33cpe:2.3:h:cisco:call_manager:4.1\(2\)es33:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	call_manager	3.3	cpe:2.3:h:cisco:call_manager:3.3:::::::*
cisco	call_manager	3.3(3)	cpe:2.3:h:cisco:call_manager:3.3\(3\):::::::*
cisco	call_manager	3.3(3)es61	cpe:2.3:h:cisco:call_manager:3.3\(3\)es61:::::::*
cisco	call_manager	3.3(4)es25	cpe:2.3:h:cisco:call_manager:3.3\(4\)es25:::::::*
cisco	call_manager	3.3(5)	cpe:2.3:h:cisco:call_manager:3.3\(5\):::::::*
cisco	call_manager	3.3(5)es30	cpe:2.3:h:cisco:call_manager:3.3\(5\)es30:::::::*
cisco	call_manager	3.3(5)sr1	cpe:2.3:h:cisco:call_manager:3.3\(5\)sr1:::::::*
cisco	call_manager	3.3(5)sr2	cpe:2.3:h:cisco:call_manager:3.3\(5\)sr2:::::::*
cisco	call_manager	4.1	cpe:2.3:h:cisco:call_manager:4.1:::::::*
cisco	call_manager	4.1(2)es33	cpe:2.3:h:cisco:call_manager:4.1\(2\)es33:::::::*

Rows per page:

1-10 of 211

References

lists.grok.org.uk/pipermail/full-disclosure/2006-June/047015.html

lists.grok.org.uk/pipermail/full-disclosure/2006-June/047019.html

secunia.com/advisories/20735

securityreason.com/securityalert/1114

securitytracker.com/id?1016328

www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_security_response09186a00806c0846.html

www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+CallManager+XSS+Advisory.htm

www.osvdb.org/26651

www.osvdb.org/26652

www.securityfocus.com/archive/1/437757/100/0/threaded

www.securityfocus.com/bid/18504

www.vupen.com/english/advisories/2006/2443

exchange.xforce.ibmcloud.com/vulnerabilities/27225

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.007

Percentile

80.9%

JSON

Related for CVE-2006-3109