ID

VAR-201705-3739


CVE

CVE-2017-6624


TITLE

Cisco IOS Software Cisco CallManager Express Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-003770

DESCRIPTION

A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker could exploit this vulnerability to place unauthorized, long-distance phone calls by using an affected system. Cisco Bug IDs: CSCuy40939. The vendor has confirmed this vulnerability and released it as Bug ID CSCuy40939. Information may be tampered with. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. This may aid in further attacks.

Trust: 2.52

sources: NVD: CVE-2017-6624 // JVNDB: JVNDB-2017-003770 // CNVD: CNVD-2017-06811 // BID: 98283 // VULHUB: VHN-114827

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-06811

AFFECTED PRODUCTS

vendor: cisco, model: ios, scope: eq, version: 15.5\(3\)m

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 15.5(3)m

Trust: 0.8

vendor: cisco, model: ios 15.5 m, scope: -, version: -

Trust: 0.6

vendor: cisco, model: ios software, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: callmanager express, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2017-06811 // BID: 98283 // JVNDB: JVNDB-2017-003770 // CNNVD: CNNVD-201705-206 // NVD: CVE-2017-6624

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6624
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6624
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-06811
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201705-206
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114827
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6624
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-06811
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-114827
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6624
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-06811 // VULHUB: VHN-114827 // JVNDB: JVNDB-2017-003770 // CNNVD: CNNVD-201705-206 // NVD: CVE-2017-6624

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

problemtype:CWE-287

Trust: 1.1

sources: VULHUB: VHN-114827 // JVNDB: JVNDB-2017-003770 // NVD: CVE-2017-6624

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-206

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201705-206

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003770

PATCH

title: cisco-sa-20170503-cme1, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme1

Trust: 0.8

title: Cisco IOS Software Unauthorized Access Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/93845

Trust: 0.6

title: Cisco CallManager Express Cisco IOS Software Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69836

Trust: 0.6

sources: CNVD: CNVD-2017-06811 // JVNDB: JVNDB-2017-003770 // CNNVD: CNNVD-201705-206

EXTERNAL IDS

db: NVD, id: CVE-2017-6624

Trust: 3.4

db: BID, id: 98283

Trust: 2.6

db: SECTRACK, id: 1038398

Trust: 1.7

db: JVNDB, id: JVNDB-2017-003770

Trust: 0.8

db: CNNVD, id: CNNVD-201705-206

Trust: 0.7

db: CNVD, id: CNVD-2017-06811

Trust: 0.6

db: VULHUB, id: VHN-114827

Trust: 0.1

sources: CNVD: CNVD-2017-06811 // VULHUB: VHN-114827 // BID: 98283 // JVNDB: JVNDB-2017-003770 // CNNVD: CNNVD-201705-206 // NVD: CVE-2017-6624

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170503-cme1

Trust: 2.6

url: http://www.securityfocus.com/bid/98283

Trust: 1.7

url: http://www.securitytracker.com/id/1038398

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6624

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-6624

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2017-06811 // VULHUB: VHN-114827 // BID: 98283 // JVNDB: JVNDB-2017-003770 // CNNVD: CNNVD-201705-206 // NVD: CVE-2017-6624

CREDITS

Cisco

Trust: 0.3

sources: BID: 98283

SOURCES

db: CNVD, id: CNVD-2017-06811
db: VULHUB, id: VHN-114827
db: BID, id: 98283
db: JVNDB, id: JVNDB-2017-003770
db: CNNVD, id: CNNVD-201705-206
db: NVD, id: CVE-2017-6624

LAST UPDATE DATE

2025-04-20T23:13:07.016000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-06811, date: 2017-05-17T00:00:00
db: VULHUB, id: VHN-114827, date: 2019-10-03T00:00:00
db: BID, id: 98283, date: 2017-05-18T16:18:00
db: JVNDB, id: JVNDB-2017-003770, date: 2017-06-07T00:00:00
db: CNNVD, id: CNNVD-201705-206, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-6624, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-06811, date: 2017-05-17T00:00:00
db: VULHUB, id: VHN-114827, date: 2017-05-03T00:00:00
db: BID, id: 98283, date: 2017-05-03T00:00:00
db: JVNDB, id: JVNDB-2017-003770, date: 2017-06-07T00:00:00
db: CNNVD, id: CNNVD-201705-206, date: 2017-05-08T00:00:00
db: NVD, id: CVE-2017-6624, date: 2017-05-03T21:59:00.200