CVE-2006-4032

Published: Aug 9, 2006Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417.

Affected (1)

Products: Cisco: Callmanager Express

Cisco

1 product

Callmanager Express

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Callmanager Express	Version 3.0

References (16)

http://secunia.com/advisories/21335

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1016627

Source: cve@mitre.org

http://www.blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html#Endler

Source: cve@mitre.org

http://www.cisco.com/warp/public/707/cisco-sr-20060802-sip.shtml

Source: cve@mitre.org

Vendor Advisory

http://www.osvdb.org/27760

Source: cve@mitre.org

http://www.securityfocus.com/bid/19309

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/3126

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/28185

Source: cve@mitre.org

http://secunia.com/advisories/21335