Cisco CallManager is the software-based call-processing component of
the Cisco IP telephony solution that extends enterprise telephony features and
functions to packet telephony network devices, such as IP phones, media
processing devices, voice-over-IP (VoIP) gateways, and multimedia applications.
The vulnerability described in this response exists in the web application
firewall used in CallManager. This feature is designed to prevent users from
entering malicious code into the input fields used in CallManager forms. The
vulnerability exists because the web application firewall fails to properly
sanitize some potentially malicious tags.
To exploit these issues an attacker must convince an authenticated user
to follow a specially crafted, malicious URL. A successful attack may result in
the execution of arbitrary script code in the user's web browser.
For additional information on cross-site scripting (XSS) attacks and
the methods used to exploit such vulnerabilities, please refer to the Cisco
Applied Intelligence Response "Understanding Cross-Site Scripting (XSS) Threat
Vectors," which is available at the following link:
The Cisco PSIRT is not aware of any malicious use of the vulnerability
described in this document.
This issue was reported to Cisco by Marc Ruef and Stefan Friedi from
scip AG. We would like to thank Marc Ruef and Stefan Friedi for bringing this
issue to our attention and for working with us toward coordinated disclosure of
the issue. We greatly appreciate the opportunity to work with researchers on
security vulnerabilities, and welcome the opportunity to review and assist in