Published: 04/05/2006 Updated: 30/10/2018

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N

Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and previous versions, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated malicious users to reset the password for any user with an expired password.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco unity express
cisco unity express software 2.2.2
cisco unity express software 1.1.1
cisco unity express software 2.1.1

Cisco Unity Express (CUE) contains a vulnerability that might allow an authenticated user to change the password for another user by using the HTTP management interface, if the password for the user being modified is marked as expired This can result in a privilege escalation attack and complete administrative control of a CUE module, if the passw ...

NVD-CWE-Other http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml http://www.securityfocus.com/bid/17775 http://securitytracker.com/id?1016015 http://secunia.com/advisories/19881 http://www.osvdb.org/25165 http://www.vupen.com/english/advisories/2006/1613 https://exchange.xforce.ibmcloud.com/vulnerabilities/26165 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20060501-cue

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-2166

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect