CVE-2017-6624

Summary

A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker could exploit this vulnerability to place unauthorized, long-distance phone calls by using an affected system. Cisco Bug IDs: CSCuy40939.

Affected Software

VendorProductVersion RangeStatus
n/aCisco CallManager ExpressCisco CallManager Expressaffected

Weaknesses

  • CWE-264: CWE-264

ADP Enrichment

CVE Program Container

Additional References

References