Executive Summary

Summary
Title Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability
Informations
Name cisco-sa-20090311-cucmpab First vendor Publication 2008-12-10
Vendor Cisco Last vendor Modification 2009-03-11
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cvss Base Score 9 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Cisco Unified Communications Manager, formerly CallManager, contains a privilege escalation vulnerability in the IP Phone Personal Address Book (PAB) Synchronizer feature that may allow an attacker to gain complete administrative access to a vulnerable Cisco Unified Communications Manager system. If Cisco Unified Communications Manager is integrated with an external directory service, it may be possible for an attacker to leverage the privilege escalation vulnerability to gain access to additional systems configured to use the directory service for authentication.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

Original Source

Url : http://www.cisco.com/warp/public/707/cisco-sa-20090311-cucmpab.shtml

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-255 Credentials Management

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 30

OpenVAS Exploits

Date Description
2009-03-13 Name : Ubuntu USN-731-1 (apache2)
File : nvt/ubuntu_731_1.nasl
2009-03-13 Name : Ubuntu USN-732-1 (dash)
File : nvt/ubuntu_732_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
52589 Cisco Unified Communications Manager IP Phone PAB Disclosure Privilege Escala...