Unauthorized Access Vulnerability in Cisco Unity Products
CVE-2004-1322

Currently unrated

Key Information:

Vendor: Cisco
Status: Unity Server
Vendor: CVE Published:; 15 December 2004

Summary

Cisco Unity versions 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, contain hard-coded usernames and passwords. This security flaw enables remote attackers to gain unauthorized access to the system, allowing them to modify configuration settings and potentially intercept both incoming and outgoing emails, thereby compromising sensitive information.

References

http://www.cisco.com/warp/public/707/cisco-sa-20041215-un...

vendor-advisoryx_refsource_CISCO

http://www.ciac.org/ciac/bulletins/p-060.shtml

third-party-advisorygovernment-resourcex_refsource_CIAC

http://www.securityfocus.com/bid/11954

vdb-entryx_refsource_BID

Timeline

Vulnerability Reserved
Jan 6, 2005
Vulnerability published
Dec 15, 2004