Details of VAR-200705-0086

ID

VAR-200705-0086

CVE

CVE-2007-2832

TITLE

Cisco CallManager of Web Application firewall cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-002067

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors. Cisco CallManager is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this vulnerability could allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks. Cisco CallManager 4.1.1 is reported vulnerable; other versions may also be affected

Trust: 1.98

sources: NVD: CVE-2007-2832 // JVNDB: JVNDB-2007-002067 // BID: 24119 // VULHUB: VHN-26194

AFFECTED PRODUCTS

vendor:	cisco	model:	call manager	scope:	eq	version:	4.1\(3\)es07	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.1\(2\)es55	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.3\(1\)	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.1\(3\)es32	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.1\(3\)sr2	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.1\(2\)es33	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.1\(3\)sr3	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.2\(3\)sr1	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.2\(3\)	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.1\(3\)sr1	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3\(3\)es61	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3\(3\)	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3\(5\)	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3\(4\)es25	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3\(5\)es30	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3\(5\)sr1	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	4.1	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3\(5\)sr2	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	before 4.1(3)sr5	Trust: 0.8
vendor:	cisco	model:	call manager	scope:	lt	version:	4.2	Trust: 0.8
vendor:	cisco	model:	call manager	scope:	lt	version:	4.3	Trust: 0.8
vendor:	cisco	model:	call manager	scope:	eq	version:	4.3(1)sr1	Trust: 0.8
vendor:	cisco	model:	call manager	scope:	lt	version:	4.1	Trust: 0.8
vendor:	cisco	model:	call manager	scope:	eq	version:	4.2(3)sr2	Trust: 0.8
vendor:	phppgadmin	model:	phppgadmin	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	cisco	model:	unified callmanager 4.1 sr5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager 4.1 sr4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	unified communications manager 4.2 sr2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager 4.3 sr1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unified callmanager 3.3 sr3	scope:	ne	version:	-	Trust: 0.3

sources: BID: 24119 // JVNDB: JVNDB-2007-002067 // CNNVD: CNNVD-200705-460 // NVD: CVE-2007-2832

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-2832
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-2832
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200705-460
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-26194
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-2832
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-26194
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-26194 // JVNDB: JVNDB-2007-002067 // CNNVD: CNNVD-200705-460 // NVD: CVE-2007-2832

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-2832

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200705-460

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200705-460

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002067

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-26194

PATCH

title:

Document ID: 604

url:

http://www.cisco.com/en/US/products/csr/cisco-sr-20070523-ccm.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-002067

EXTERNAL IDS

db:	NVD	id:	CVE-2007-2832	Trust: 2.8
db:	BID	id:	24119	Trust: 2.0
db:	SECTRACK	id:	1018105	Trust: 1.7
db:	VUPEN	id:	ADV-2007-1922	Trust: 1.7
db:	SECUNIA	id:	25377	Trust: 1.7
db:	OSVDB	id:	35337	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-002067	Trust: 0.8
db:	XF	id:	34465	Trust: 0.6
db:	FULLDISC	id:	20070523 CISCO CALLMANAGER 4.1 INPUT VALIDATION VULNERABILITY	Trust: 0.6
db:	CISCO	id:	20070523 CISCO CALLMANAGER INPUT VALIDATION VULNERABILITY	Trust: 0.6
db:	MISC	id:	HTTP://WWW.SCIP.CH/CGI-BIN/SMSS/SHOWADVF.PL?ID=2977	Trust: 0.6
db:	CNNVD	id:	CNNVD-200705-460	Trust: 0.6
db:	SEEBUG	id:	SSVID-83536	Trust: 0.1
db:	EXPLOIT-DB	id:	30077	Trust: 0.1
db:	VULHUB	id:	VHN-26194	Trust: 0.1

sources: VULHUB: VHN-26194 // BID: 24119 // JVNDB: JVNDB-2007-002067 // CNNVD: CNNVD-200705-460 // NVD: CVE-2007-2832

REFERENCES

url:	http://www.securityfocus.com/bid/24119	Trust: 1.7
url:	http://www.cisco.com/en/us/products/products_security_response09186a0080849272.html	Trust: 1.7
url:	http://www.osvdb.org/35337	Trust: 1.7
url:	http://www.securitytracker.com/id?1018105	Trust: 1.7
url:	http://secunia.com/advisories/25377	Trust: 1.7
url:	http://marc.info/?l=full-disclosure&m=117993122727006&w=2	Trust: 1.6
url:	http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2977	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/1922	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/34465	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2832	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2832	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/1922	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/34465	Trust: 0.6
url:	http://www.cisco.com/warp/public/cc/pd/nemnsw/callmn/index.shtml	Trust: 0.3
url:	/archive/1/469349	Trust: 0.3
url:	http://www.cisco.com/warp/public/707/cisco-sr-20070523-ccm.shtml	Trust: 0.3
url:	http://marc.info/?l=full-disclosure&m=117993122727006&w=2	Trust: 0.1

sources: VULHUB: VHN-26194 // BID: 24119 // JVNDB: JVNDB-2007-002067 // CNNVD: CNNVD-200705-460 // NVD: CVE-2007-2832

CREDITS

Marc Ruef and Stefan Friedli are credited with discovering this vulnerability.

Trust: 0.3

sources: BID: 24119

SOURCES

db:	VULHUB	id:	VHN-26194
db:	BID	id:	24119
db:	JVNDB	id:	JVNDB-2007-002067
db:	CNNVD	id:	CNNVD-200705-460
db:	NVD	id:	CVE-2007-2832

LAST UPDATE DATE

2025-04-10T23:25:05.933000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-26194	date:	2017-07-29T00:00:00
db:	BID	id:	24119	date:	2015-05-07T17:37:00
db:	JVNDB	id:	JVNDB-2007-002067	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200705-460	date:	2007-05-24T00:00:00
db:	NVD	id:	CVE-2007-2832	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-26194	date:	2007-05-24T00:00:00
db:	BID	id:	24119	date:	2007-05-23T00:00:00
db:	JVNDB	id:	JVNDB-2007-002067	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200705-460	date:	2007-05-23T00:00:00
db:	NVD	id:	CVE-2007-2832	date:	2007-05-24T02:30:00