Cisco CallManager contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a read-only administrative user submits a specifically crafted URL to the CCMAdmin control panel, allowing them to gain full administrative access. This flaw may lead to a loss of integrity.
Remote / Network Access
Loss of Integrity
Voice over IP
The vendor has released a number of updates, which have been reported to fix this vulnerability. Users of version 3.2 are requested to migrate to version 3.3. An upgrade is required as there are no known workarounds.