Vulnerabilities > CVE-2006-2166 - Privilege Escalation vulnerability in Cisco Unity Express Expired Password

CVSS 2.1 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

high complexity

cisco

NVD

Published: 2006-05-04

Updated: 2018-10-30

Summary

Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Unity Express Software 1.1.1 Cisco Unity Express Software 2.1.1 Cisco Unity Express Software 2.2.2	3
Hardware	Cisco Cisco Unity Express *	1

References

http://secunia.com/advisories/19881
http://securitytracker.com/id?1016015
http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml
http://www.osvdb.org/25165
http://www.securityfocus.com/bid/17775
http://www.vupen.com/english/advisories/2006/1613
https://exchange.xforce.ibmcloud.com/vulnerabilities/26165