A vulnerability in Cisconbsp;IOS Software for Cisco CallManager Expressnbsp;(CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls.

The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software.

An attacker could exploit this vulnerability to place unauthorized, long-distance phone calls by using an affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme1
A vulnerability in Cisconbsp;IOS Software for Cisco CallManager Expressnbsp;(CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls.

The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software.

An attacker could exploit this vulnerability to place unauthorized, long-distance phone calls by using an affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme1

Security Impact Rating: Medium

CVE: CVE-2017-6624

Leave a Reply