Lucene search

[email protected]CVE-2006-4032

HistoryAug 09, 2006 - 10:04 p.m.

CVE-2006-4032

2006-08-0922:04:00

[email protected]

web.nvd.nist.gov

cisco

ios

callmanager

express

cme

vulnerability

remote

sip

nvd

cve-2006-4032

cscse92417

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

84.9%

JSON

Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417.

Affected configurations

NVD

Node

ciscocallmanager_expressMatch3.0

CPENameOperatorVersion
cisco:callmanager_expresscisco callmanager expresseq3.0

CPE	Name	Operator	Version
cisco:callmanager_express	cisco callmanager express	eq	3.0

References

secunia.com/advisories/21335

securitytracker.com/id?1016627

www.blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html#Endler

www.cisco.com/warp/public/707/cisco-sr-20060802-sip.shtml

www.osvdb.org/27760

www.securityfocus.com/bid/19309

www.vupen.com/english/advisories/2006/3126

exchange.xforce.ibmcloud.com/vulnerabilities/28185

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

84.9%

JSON

Related for CVE-2006-4032

cvelist2 nvd2 cve1