CVE-2006-4032

high

Description

Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/28185

http://www.vupen.com/english/advisories/2006/3126

http://www.securityfocus.com/bid/19309

http://www.osvdb.org/27760

http://www.cisco.com/warp/public/707/cisco-sr-20060802-sip.shtml

http://www.blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html#Endler

http://securitytracker.com/id?1016627

http://secunia.com/advisories/21335

Details

Source: Mitre, NVD

Published: 2006-08-09

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00632

Detections

Analytics