Privilege escalation in Unified Communications Manager (CallManager) - CVE-2017-6785
Published: August 16, 2017 / Updated: August 17, 2017
Vulnerability identifier: #VU7977
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6785
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Unified Communications Manager (CallManager)
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The weakness exists in the permission validation for configuration modifications in Cisco Unified Communications Manager: Role Based Access Control (RBAC) is not properly enforced when certain user configuration changes are requested. A remote attacker can send an authenticated, crafted HTTP request to perform a horizontal privilege escalation and modify another user's configuration information.
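To make the missing check concrete, the following is an added illustration (not Cisco's code) of a "modify user configuration" handler in two forms: the vulnerable variant only verifies that the caller is authenticated, while the hardened variant also enforces object ownership or an administrative role on every request. The user store, the `ccm_admin` role name and the field names are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Principal:
    """Authenticated caller: identity plus the roles granted by RBAC."""
    user_id: str
    roles: set = field(default_factory=set)

# Constructed sample store: user_id -> per-user configuration record
USER_CONFIG = {
    "alice": {"pin": "1111", "forward_to": None},
    "bob": {"pin": "2222", "forward_to": None},
}

class Forbidden(Exception):
    pass

def update_user_config_vulnerable(caller, target_user, changes):
    """Vulnerable: any authenticated caller may rewrite any user's record.

    Authentication is checked, but nothing ties the caller to the
    target record, which is the horizontal escalation described above.
    """
    if caller is None:
        raise Forbidden("authentication required")
    USER_CONFIG[target_user].update(changes)
    return USER_CONFIG[target_user]

def update_user_config_hardened(caller, target_user, changes):
    """Hardened: authentication, then per-object RBAC on every request."""
    if caller is None:
        raise Forbidden("authentication required")
    if target_user not in USER_CONFIG:
        raise KeyError(target_user)
    is_owner = caller.user_id == target_user
    is_admin = "ccm_admin" in caller.roles  # hypothetical admin role name
    if not (is_owner or is_admin):
        # Reject (and in a real system, audit-log) the cross-user attempt.
        raise Forbidden(f"{caller.user_id} may not modify {target_user}")
    USER_CONFIG[target_user].update(changes)
    return USER_CONFIG[target_user]
```

The decisive difference is the ownership-or-role check keyed on the target record, not on the caller's authentication state alone.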
How to mitigate CVE-2017-6785
The vulnerability is addressed in the following versions: UCMAP.12.0(0.98000.333), UCMAP.11.6(2.10000.4), CUP.11.5(1.13900.34), CUC.12.0(0.97000.260), CCM.11.5(1.13900.34), CCM.11.5(1.13055.1), CCM.11.0(1.24077.1), CCM.10.5(2.16130.1), 12.0(0.98000.984), 12.0(0.98000.755).