CVE-2006-2166
Published 2006-05-04
Priority P4 · 18 · low · 2.1 (CVSS 2.0)
AV:N/AC:H/Au:S/C:N/I:P/A:N
EPSS 1.62% (73.0th percentile)
Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | unity_express_expired_password_reset | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
Cisco
Cisco Unity Express Expired Password Reset Privilege Escalation
vendor_cisco·2006-05-01
CVE-2006-2166 CWE-264 Cisco Unity Express Expired Password Reset Privilege Escalation
Cisco Unity Express (CUE) contains a vulnerability that might allow an authenticated user to change the password for another user by using the HTTP management interface, if the password for the user being modified is marked as expired. This can result in a privilege escalation attack and complete administrative control of a CUE module, if the password being changed belongs to an administrator.
There are mitigations for this vulnerability.
Cisco has made free software available to address this vulnerability for affected customers.
This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20060501-cue.
CWE: CWE-264
Bug IDs: CSCsd50387
GHSA
GHSA-6g6q-2h84-3ph5: Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2
ghsa_unreviewed·2022-05-01
CVE-2006-2166 [LOW] GHSA-6g6q-2h84-3ph5: Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2
Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/19881
http://securitytracker.com/id?1016015
http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml
http://www.osvdb.org/25165
http://www.securityfocus.com/bid/17775
http://www.vupen.com/english/advisories/2006/1613
https://exchange.xforce.ibmcloud.com/vulnerabilities/26165