Unauthenticated User Account Creation Vulnerability in Cisco Unified Intelligence Center
CVE-2016-6426

7.5HIGH

Key Information:

Vendor
Cisco
Status
Unified Contact Center Express
Unified Intelligence Center
Vendor
CVE Published:
5 October 2016

Summary

The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) versions 8.5.4 to 9.1(1) enables remote attackers to create user accounts by accessing unspecified web pages. This vulnerability is also associated with Unified Contact Center Express versions 10.0(1) through 11.0(1), raising concerns regarding unauthorized user access and the potential for security breaches.

References

http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id/1036952
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/93420
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.