[cisco-voip] all CCME GUI users are all admins!! :(

Paul Choi asobihoudai at yahoo.com
Mon Feb 4 18:00:09 EST 2008


Wes,

Strangely, after I configured everyone's password as
null in the router and logged in with one user, users'
rights were properly limited again. I think I'll just
stick to using the CUE GUI for everything since it
makes users change their password on the first login.

Thanks for your help!

Paul

--- Wes Sisk <wsisk at cisco.com> wrote:


---------------------------------
Paul,
This is what I was getting at:

CSCed03134 CME http directory traversal vulnerability
with matched enable psswd

Symptom:

When a Cisco device is running IOS and configured for
CallManagerExpress (CME) or ITS, the URL
http://x.x.x.x/telephony-service allows configuration
of CME/ITS parameters.

Condition:

The user can browse to the device and, with the
enable password, can make changes to CME/ITS
settings.

Workaround:  

Configure local or AAA authentication:

"ip http authentication [local | tacacs]"

/Wes

Wes Sisk wrote:

Is the user's password the same as the IOS secret
passwd?

/wes

Paul Choi wrote:

CCME 4.1
12.4(15)T1

Hi there, as the title says, I log in
as a regular non-admin user to the CCME GUI and the
user has admin privileges. I had another installation
with a similar setup but the user logins worked without
issue. Does anybody know what I'm doing wrong or if
this is a bug?

Help!

Paul
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
     
    