CVE-2017-6624

MEDIUM

Cisco Ios - Authentication Bypass

Title source: rule

Description

A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker could exploit this vulnerability to place unauthorized, long-distance phone calls by using an affected system. Cisco Bug IDs: CSCuy40939.

References (3)

Scores

CVSS v3 5.3
EPSS 0.0029
EPSS Percentile 52.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE
CWE-287 CWE-264
Status draft

Affected Products (1)

cisco/ios

Timeline

Published May 03, 2017
Tracked Since Feb 18, 2026