Cisco Unified Communications Management Applications Privilege Escalation Vulnerability
BID:26106
Info
| Bugtraq ID: | 26106 |
| Class: | Access Validation Error |
| CVE: | CVE-2007-5539 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 17 2007 12:00AM |
| Updated: | Oct 31 2007 07:36PM |
| Credit: | The vendor discovered this issue during customer support case resolution. |
| Vulnerable: | Cisco Unified ICM Hosted (Unified ICMH) 7.1(5); Cisco Unified ICM Enterprise (Unified ICME) 7.1(5); Cisco Unified Contact Center Hosted (UCCH) 7.1(5); Cisco Unified Contact Center Enterprise (UCCE) 7.1(5); Cisco System Unified Contact Center Enterprise (SUCCE) 7.1(5) |
| Not Vulnerable: | Cisco Unified ICM Hosted (Unified ICMH) ICM7.1(5)_ES46; Cisco Unified ICM Enterprise (Unified ICME) ICM7.1(5)_ES46; Cisco Unified ICM Enterprise (Unified ICME) 7.2(3); Cisco Unified Contact Center Hosted (UCCH) ICM7.1(5)_ES46; Cisco Unified Contact Center Hosted (UCCH) 7.2(3); Cisco Unified Contact Center Enterprise (UCCE) ICM7.1(5)_ES46; Cisco Unified Contact Center Enterprise (UCCE) 7.2(3); Cisco System Unified Contact Center Enterprise (SUCCE) ICM7.1(5)_ES46 |
Discussion
Cisco Unified Communications Management Applications are prone to a privilege-escalation vulnerability.
Attackers can exploit this issue to gain unauthorized access to the web-based reporting and script-monitoring tool and the web-based configuration tool.
Attackers can gain access to potentially sensitive information and change the application configuration (including application rights). Information harvested may aid in further attacks.
Exploit / POC
Attackers can exploit this issue by gaining access to user accounts defined by the Windows Active Directory domain.
Solution / Fix
Solution:
The vendor released an advisory and fixes to address this issue. Please see the references for more information.
References
References:
- Cisco Unified Communications Homepage (Cisco)
- Contact Center and ICM Maintenance Software Download Page (Cisco)
- Cisco Security Advisory: Cisco Unified Communications Web-based Management Vulne (Cisco Systems Product Security Incident Response Team)
- Cisco Security Advisory: Cisco Unified Communications Web-based Management Vulne (Cisco)