Search criteria

9 vulnerabilities found for unity_express_software by cisco

FKIE_CVE-2013-1114

Vulnerability from fkie_nvd - Published: 2013-02-13 23:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527.
References
psirt@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1114Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1114Vendor Advisory
Impacted products
Vendor Product Version
cisco unity_express_software *
cisco unity_express_software 1.1.1
cisco unity_express_software 1.1.2
cisco unity_express_software 2.0
cisco unity_express_software 2.1
cisco unity_express_software 2.1.1
cisco unity_express_software 2.1.2
cisco unity_express_software 2.2
cisco unity_express_software 2.2.2
cisco unity_express_software 2.3
cisco unity_express_software 3.0
cisco unity_express_software 3.1
cisco unity_express_software 3.2
cisco unity_express_software 7.0
cisco unity_express_software 7.1
cisco unity_express_software 7.2
cisco unity_express_software 7.3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83721592-B28F-4CB5-9E0B-A9E96573DC38",
              "versionEndIncluding": "7.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05328FC0-D20B-44AD-A72B-19D125553067",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A700B4B-49E6-4F98-8094-ED6FB7841A21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CC3A8B0-179F-4B87-857A-D13701939249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17ECC993-69F5-43A6-AE9C-7ED2C33F56B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31397846-474A-46B3-8210-ADC20B93E4A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3A87C6F-5309-4F22-8773-36040CCCFC0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F42A5CA-B20F-45B2-A5B2-3FFDEFE7CBD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68CE1AB1-1745-4C19-B3AC-72A033D69F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7594535-B2F5-44A1-B643-B34AE4570607",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F6DA8D8-803A-4F76-83A0-D10D24192306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3938819-EB36-4404-99D3-851061479D51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4C327C5-F673-4630-84AE-E0D583E235C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D82C2B8A-7CD6-4F4D-BF1C-A0D48B069D48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23AC34EA-3AB3-4BBD-9AF1-F00925957F83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C9B3369-DA45-4619-B965-0FC87725239B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBFE2A66-F021-403F-9DA7-D5FB2F24D406",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527."
    },
    {
      "lang": "es",
      "value": "Multiple cross-site scripting (XSS) en Cisco Unity Express antes v8.0 que permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCud87527."
    }
  ],
  "id": "CVE-2013-1114",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-02-13T23:55:01.227",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1114"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1114"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2013-1120

Vulnerability from fkie_nvd - Published: 2013-02-06 12:05 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.
References
psirt@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120Vendor Advisory
Impacted products
Vendor Product Version
cisco unity_express_software *
cisco unity_express_software 1.1.1
cisco unity_express_software 1.1.2
cisco unity_express_software 2.0
cisco unity_express_software 2.1
cisco unity_express_software 2.2
cisco unity_express_software 2.3
cisco unity_express_software 3.0
cisco unity_express_software 3.1
cisco unity_express_software 3.2
cisco unity_express_software 7.0
cisco unity_express_software 7.1
cisco unity_express_software 7.2
cisco unity_express_software 7.3
cisco unity_express *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83721592-B28F-4CB5-9E0B-A9E96573DC38",
              "versionEndIncluding": "7.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05328FC0-D20B-44AD-A72B-19D125553067",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A700B4B-49E6-4F98-8094-ED6FB7841A21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CC3A8B0-179F-4B87-857A-D13701939249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17ECC993-69F5-43A6-AE9C-7ED2C33F56B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F42A5CA-B20F-45B2-A5B2-3FFDEFE7CBD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7594535-B2F5-44A1-B643-B34AE4570607",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F6DA8D8-803A-4F76-83A0-D10D24192306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3938819-EB36-4404-99D3-851061479D51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4C327C5-F673-4630-84AE-E0D583E235C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D82C2B8A-7CD6-4F4D-BF1C-A0D48B069D48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23AC34EA-3AB3-4BBD-9AF1-F00925957F83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C9B3369-DA45-4619-B965-0FC87725239B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBFE2A66-F021-403F-9DA7-D5FB2F24D406",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unity_express:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7583D706-3702-4571-BD2C-527E5337F6E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Cisco Unity Express con software anterior a v8.0 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios mediante vectores desconocidos. Bug ID CSCue35910."
    }
  ],
  "id": "CVE-2013-1120",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-02-06T12:05:43.833",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2006-2166

Vulnerability from fkie_nvd - Published: 2006-05-04 12:38 - Updated: 2025-04-03 01:03
Severity ?
Summary
Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.
References
cve@mitre.orghttp://secunia.com/advisories/19881Patch, Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1016015
cve@mitre.orghttp://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtmlVendor Advisory
cve@mitre.orghttp://www.osvdb.org/25165
cve@mitre.orghttp://www.securityfocus.com/bid/17775
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/1613
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/26165
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19881Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1016015
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/25165
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/17775
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/1613
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/26165
Impacted products
Vendor Product Version
cisco unity_express_software 1.1.1
cisco unity_express_software 2.1.1
cisco unity_express_software 2.2.2
cisco unity_express *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05328FC0-D20B-44AD-A72B-19D125553067",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31397846-474A-46B3-8210-ADC20B93E4A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68CE1AB1-1745-4C19-B3AC-72A033D69F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:unity_express:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7583D706-3702-4571-BD2C-527E5337F6E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password."
    }
  ],
  "id": "CVE-2006-2166",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-05-04T12:38:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19881"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016015"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/25165"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/17775"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1613"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26165"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/25165"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/17775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26165"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-1114 (GCVE-0-2013-1114)

Vulnerability from cvelistv5 – Published: 2013-02-13 23:00 – Updated: 2024-09-16 20:12
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:49:20.696Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130201 Cisco Unity Express Cross Site Scripting Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1114"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-13T23:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130201 Cisco Unity Express Cross Site Scripting Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1114"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-1114",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130201 Cisco Unity Express Cross Site Scripting Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1114"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-1114",
    "datePublished": "2013-02-13T23:00:00Z",
    "dateReserved": "2013-01-11T00:00:00Z",
    "dateUpdated": "2024-09-16T20:12:08.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-1120 (GCVE-0-2013-1120)

Vulnerability from cvelistv5 – Published: 2013-02-06 11:00 – Updated: 2024-09-17 01:31
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:49:20.864Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130201 Cisco Unity Express Cross Site Request Forgery Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-06T11:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130201 Cisco Unity Express Cross Site Request Forgery Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-1120",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130201 Cisco Unity Express Cross Site Request Forgery Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-1120",
    "datePublished": "2013-02-06T11:00:00Z",
    "dateReserved": "2013-01-11T00:00:00Z",
    "dateUpdated": "2024-09-17T01:31:12.169Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-2166 (GCVE-0-2006-2166)

Vulnerability from cvelistv5 – Published: 2006-05-04 10:00 – Updated: 2024-08-07 17:43
VLAI?
Summary
Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/19881 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/1613 vdb-entryx_refsource_VUPEN
http://www.osvdb.org/25165 vdb-entryx_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://securitytracker.com/id?1016015 vdb-entryx_refsource_SECTRACK
http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
http://www.securityfocus.com/bid/17775 vdb-entryx_refsource_BID
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:43:27.773Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "19881",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19881"
          },
          {
            "name": "ADV-2006-1613",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1613"
          },
          {
            "name": "25165",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/25165"
          },
          {
            "name": "cisco-cue-privilege-escalation(26165)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26165"
          },
          {
            "name": "1016015",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016015"
          },
          {
            "name": "20060501 Cisco Unity Express Expired Password Reset Privilege Escalation",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml"
          },
          {
            "name": "17775",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17775"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "19881",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19881"
        },
        {
          "name": "ADV-2006-1613",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1613"
        },
        {
          "name": "25165",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/25165"
        },
        {
          "name": "cisco-cue-privilege-escalation(26165)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26165"
        },
        {
          "name": "1016015",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016015"
        },
        {
          "name": "20060501 Cisco Unity Express Expired Password Reset Privilege Escalation",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml"
        },
        {
          "name": "17775",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17775"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2166",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "19881",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19881"
            },
            {
              "name": "ADV-2006-1613",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1613"
            },
            {
              "name": "25165",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/25165"
            },
            {
              "name": "cisco-cue-privilege-escalation(26165)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26165"
            },
            {
              "name": "1016015",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016015"
            },
            {
              "name": "20060501 Cisco Unity Express Expired Password Reset Privilege Escalation",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml"
            },
            {
              "name": "17775",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17775"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2166",
    "datePublished": "2006-05-04T10:00:00",
    "dateReserved": "2006-05-03T00:00:00",
    "dateUpdated": "2024-08-07T17:43:27.773Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-1114 (GCVE-0-2013-1114)

Vulnerability from nvd – Published: 2013-02-13 23:00 – Updated: 2024-09-16 20:12
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:49:20.696Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130201 Cisco Unity Express Cross Site Scripting Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1114"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-13T23:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130201 Cisco Unity Express Cross Site Scripting Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1114"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-1114",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130201 Cisco Unity Express Cross Site Scripting Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1114"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-1114",
    "datePublished": "2013-02-13T23:00:00Z",
    "dateReserved": "2013-01-11T00:00:00Z",
    "dateUpdated": "2024-09-16T20:12:08.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-1120 (GCVE-0-2013-1120)

Vulnerability from nvd – Published: 2013-02-06 11:00 – Updated: 2024-09-17 01:31
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:49:20.864Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130201 Cisco Unity Express Cross Site Request Forgery Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-06T11:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130201 Cisco Unity Express Cross Site Request Forgery Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-1120",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130201 Cisco Unity Express Cross Site Request Forgery Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-1120",
    "datePublished": "2013-02-06T11:00:00Z",
    "dateReserved": "2013-01-11T00:00:00Z",
    "dateUpdated": "2024-09-17T01:31:12.169Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-2166 (GCVE-0-2006-2166)

Vulnerability from nvd – Published: 2006-05-04 10:00 – Updated: 2024-08-07 17:43
VLAI?
Summary
Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/19881 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/1613 vdb-entryx_refsource_VUPEN
http://www.osvdb.org/25165 vdb-entryx_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://securitytracker.com/id?1016015 vdb-entryx_refsource_SECTRACK
http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
http://www.securityfocus.com/bid/17775 vdb-entryx_refsource_BID
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:43:27.773Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "19881",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19881"
          },
          {
            "name": "ADV-2006-1613",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1613"
          },
          {
            "name": "25165",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/25165"
          },
          {
            "name": "cisco-cue-privilege-escalation(26165)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26165"
          },
          {
            "name": "1016015",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016015"
          },
          {
            "name": "20060501 Cisco Unity Express Expired Password Reset Privilege Escalation",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml"
          },
          {
            "name": "17775",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17775"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "19881",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19881"
        },
        {
          "name": "ADV-2006-1613",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1613"
        },
        {
          "name": "25165",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/25165"
        },
        {
          "name": "cisco-cue-privilege-escalation(26165)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26165"
        },
        {
          "name": "1016015",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016015"
        },
        {
          "name": "20060501 Cisco Unity Express Expired Password Reset Privilege Escalation",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml"
        },
        {
          "name": "17775",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17775"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2166",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "19881",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19881"
            },
            {
              "name": "ADV-2006-1613",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1613"
            },
            {
              "name": "25165",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/25165"
            },
            {
              "name": "cisco-cue-privilege-escalation(26165)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26165"
            },
            {
              "name": "1016015",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016015"
            },
            {
              "name": "20060501 Cisco Unity Express Expired Password Reset Privilege Escalation",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml"
            },
            {
              "name": "17775",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17775"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2166",
    "datePublished": "2006-05-04T10:00:00",
    "dateReserved": "2006-05-03T00:00:00",
    "dateUpdated": "2024-08-07T17:43:27.773Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}