Password Reset Vulnerability in Cisco Unity Express Management Interface
CVE-2006-2166

Currently unrated

Key Information:

Vendor: Cisco
Status: Unity Express Software; Unity Express
Vendor: CVE Published:; 4 May 2006

Summary

An unspecified vulnerability exists in the HTTP management interface of Cisco Unity Express 2.2(2) and earlier versions. This flaw allows remote authenticated attackers to reset passwords for any user whose password has expired, potentially enabling unauthorized access to the system. The exploitation of this vulnerability can result in a significant security breach, affecting the integrity of user accounts within the system.

References

http://secunia.com/advisories/19881

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2006/1613

vdb-entryx_refsource_VUPEN

http://www.osvdb.org/25165

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
May 4, 2006
Vulnerability Reserved
May 3, 2006