Insecure Configuration in Cisco Unity 2.x and 3.x Allows Unauthorized International Calls
CVE-2002-1189

Currently unrated

Key Information:

Vendor: Cisco
Status: Unity Server
Vendor: CVE Published:; 11 October 2002

Summary

The default setup of Cisco Unity versions 2.x and 3.x contains an insecure configuration that fails to prevent international operator calls within its predefined restriction tables. This vulnerability permits authenticated users to exploit call forwarding features to make unauthorized international calls, potentially leading to significant telecommunication fraud.

References

http://www.iss.net/security_center/static/10282.php

vdb-entryx_refsource_XF

http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/5896

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Oct 11, 2002
Vulnerability Reserved
Oct 4, 2002