var-200605-0543
Vulnerability from variot
Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password. Cisco Unity Express (CUE) is prone to a privilege-escalation vulnerability. An attacker could reset the password of a privileged account that has an expired password. Cisco Unity is an advanced unified communications solution for enterprise-level organizations that can provide powerful messaging services and intelligent voice messaging services. There is a loophole in Cisco Unity's handling of user authentication. Local attackers may use this loophole to elevate their privileges. Cisco Unity has a problem with the authentication process of the HTTP-based management interface. If the target user is an administrator, then An attacker could gain administrator privileges on the device.
TITLE: Cisco Unity Express Expired Password Change Vulnerability
SECUNIA ADVISORY ID: SA19881
VERIFY ADVISORY: http://secunia.com/advisories/19881/
CRITICAL: Less critical
IMPACT: Security Bypass, Manipulation of data
WHERE:
From local network
SOFTWARE: Cisco Unity Express 2.x http://secunia.com/product/5151/
DESCRIPTION: A vulnerability has been reported in Cisco Unity Express (CUE), which can be exploited by malicious users to manipulate certain information.
The vulnerability is caused due to missing restrictions in the HTTP management interface during password changes. This makes it possible for an authenticated user to change the password for another user with an expired password (including newly created users with blank/randomly selected passwords).
Successful exploitation may e.g. grant administrative privileges on a CUE module, if the changed expired password belongs to an administrative user.
SOLUTION: Update to version 2.3(1) or later. http://www.cisco.com/pcgi-bin/tablebuild.pl/cue-231?psrtdcat20e2
PROVIDED AND/OR DISCOVERED BY: The vendor credits Xu He and Keith Vaughan, Bank of America Application Assessment Team.
ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200605-0543",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unity express software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.1.1"
},
{
"model": "unity express software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.2.2"
},
{
"model": "unity express software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.1.1"
},
{
"model": "unity express",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "unity express",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "unity express",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.1.1"
},
{
"model": "unity express",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2.2.2"
},
{
"model": "unity express",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2.1.1"
},
{
"model": "unity express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2(2)"
},
{
"model": "unity express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.1(1)"
},
{
"model": "unity express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1(1)"
},
{
"model": "unity express",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3(1)"
}
],
"sources": [
{
"db": "BID",
"id": "17775"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-076"
},
{
"db": "NVD",
"id": "CVE-2006-2166"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Xu He and Keith Vaughan of the Bank of America Application Assessment Team.",
"sources": [
{
"db": "BID",
"id": "17775"
}
],
"trust": 0.3
},
"cve": "CVE-2006-2166",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2006-2166",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-18274",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-2166",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-200605-076",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-18274",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18274"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-076"
},
{
"db": "NVD",
"id": "CVE-2006-2166"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password. Cisco Unity Express (CUE) is prone to a privilege-escalation vulnerability. An attacker could reset the password of a privileged account that has an expired password. Cisco Unity is an advanced unified communications solution for enterprise-level organizations that can provide powerful messaging services and intelligent voice messaging services. There is a loophole in Cisco Unity\u0027s handling of user authentication. Local attackers may use this loophole to elevate their privileges. Cisco Unity has a problem with the authentication process of the HTTP-based management interface. If the target user is an administrator, then An attacker could gain administrator privileges on the device. \n\nTITLE:\nCisco Unity Express Expired Password Change Vulnerability\n\nSECUNIA ADVISORY ID:\nSA19881\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/19881/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass, Manipulation of data\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nCisco Unity Express 2.x\nhttp://secunia.com/product/5151/\n\nDESCRIPTION:\nA vulnerability has been reported in Cisco Unity Express (CUE), which\ncan be exploited by malicious users to manipulate certain\ninformation. \n\nThe vulnerability is caused due to missing restrictions in the HTTP\nmanagement interface during password changes. This makes it possible\nfor an authenticated user to change the password for another user\nwith an expired password (including newly created users with\nblank/randomly selected passwords). \n\nSuccessful exploitation may e.g. grant administrative privileges on a\nCUE module, if the changed expired password belongs to an\nadministrative user. \n\nSOLUTION:\nUpdate to version 2.3(1) or later. \nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/cue-231?psrtdcat20e2\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Xu He and Keith Vaughan, Bank of America\nApplication Assessment Team. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2166"
},
{
"db": "BID",
"id": "17775"
},
{
"db": "VULHUB",
"id": "VHN-18274"
},
{
"db": "PACKETSTORM",
"id": "46024"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "17775",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "19881",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2006-1613",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "25165",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1016015",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2006-2166",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200605-076",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20060501 CISCO UNITY EXPRESS EXPIRED PASSWORD RESET PRIVILEGE ESCALATION",
"trust": 0.6
},
{
"db": "XF",
"id": "26165",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-18274",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "46024",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18274"
},
{
"db": "BID",
"id": "17775"
},
{
"db": "PACKETSTORM",
"id": "46024"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-076"
},
{
"db": "NVD",
"id": "CVE-2006-2166"
}
]
},
"id": "VAR-200605-0543",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-18274"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:13:27.782000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2166"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/17775"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/25165"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016015"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/19881"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/1613"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26165"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/1613"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/26165"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/sw/voicesw/ps5520/index.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/19881/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5151/"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/cue-231?psrtdcat20e2"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18274"
},
{
"db": "BID",
"id": "17775"
},
{
"db": "PACKETSTORM",
"id": "46024"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-076"
},
{
"db": "NVD",
"id": "CVE-2006-2166"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-18274"
},
{
"db": "BID",
"id": "17775"
},
{
"db": "PACKETSTORM",
"id": "46024"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-076"
},
{
"db": "NVD",
"id": "CVE-2006-2166"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-05-04T00:00:00",
"db": "VULHUB",
"id": "VHN-18274"
},
{
"date": "2006-05-02T00:00:00",
"db": "BID",
"id": "17775"
},
{
"date": "2006-05-03T04:53:11",
"db": "PACKETSTORM",
"id": "46024"
},
{
"date": "2006-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200605-076"
},
{
"date": "2006-05-04T12:38:00",
"db": "NVD",
"id": "CVE-2006-2166"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-18274"
},
{
"date": "2006-05-02T23:05:00",
"db": "BID",
"id": "17775"
},
{
"date": "2006-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200605-076"
},
{
"date": "2024-11-21T00:10:42.420000",
"db": "NVD",
"id": "CVE-2006-2166"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200605-076"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Unity Express User Authentication Local privilege escalation vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200605-076"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200605-076"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.