Cisco CallManager 4.1 Input Validation Vulnerability

scip AG Vulnerability ID 2977 (03/13/2007)
http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2977 

I. INTRODUCTION

Cisco CallManager, CCM for short, is a professional voice-over-IP solution
that tracks active components, including, among others, phones, gateways,
conference bridges, transcoding resources and voicemail boxes.

II. DESCRIPTION

Marc Ruef and Stefan Friedli found a web-based vulnerability in Cisco
CallManager 4.1 that may affect earlier versions as well.

The web interface of the application fails to properly sanitize data
supplied by the search form before displaying it back to the user.
Though several filters are in place to prevent the injection of