Cisco CallManager / Unified Communications Manager privilege escalation

[EN] securityvulns.ru
no-pyccku

Cisco CallManager / Unified Communications Manager privilege escalation
Published: 12.03.2009
Source: BUGTRAQ
SecurityVulns ID: 9739
Type: remote
Level: 6/10
Description: During authentication process for address book synchronization, full access account credentials are leaked to client.

Affected: CISCO : Unified CallManager 4.1
CISCO : Unified Communications Manager 4.2
CISCO : Unified Communications Manager 4.3
CISCO : Unified Communications Manager 5.1
CISCO : Unified Communications Manager 6.1
CISCO : Unified Communications Manager 7.0
CVE: CVE-2009-0632 (The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x.)

Original document CISCO, Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability (12.03.2009)

Discuss: Read or add your comments to this news (0 comments)