Vulnerability-Lookup

CVE-2006-2166 (GCVE-0-2006-2166)

Vulnerability from cvelistv5 – Published: 2006-05-04 10:00 – Updated: 2024-08-07 17:43

Summary

Severity

No CVSS data available.

CWE

Assigner

mitre

References

7 references

URL	Tags
http://secunia.com/advisories/19881	third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/1613	vdb-entryx_refsource_VUPEN
http://www.osvdb.org/25165	vdb-entryx_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://securitytracker.com/id?1016015	vdb-entryx_refsource_SECTRACK
http://www.cisco.com/warp/public/707/cisco-sa-200…	vendor-advisoryx_refsource_CISCO
http://www.securityfocus.com/bid/17775	vdb-entryx_refsource_BID

Date Public

2006-05-01 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:43:27.773Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "19881",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19881"
          },
          {
            "name": "ADV-2006-1613",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1613"
          },
          {
            "name": "25165",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/25165"
          },
          {
            "name": "cisco-cue-privilege-escalation(26165)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26165"
          },
          {
            "name": "1016015",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016015"
          },
          {
            "name": "20060501 Cisco Unity Express Expired Password Reset Privilege Escalation",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml"
          },
          {
            "name": "17775",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17775"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "19881",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19881"
        },
        {
          "name": "ADV-2006-1613",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1613"
        },
        {
          "name": "25165",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/25165"
        },
        {
          "name": "cisco-cue-privilege-escalation(26165)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26165"
        },
        {
          "name": "1016015",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016015"
        },
        {
          "name": "20060501 Cisco Unity Express Expired Password Reset Privilege Escalation",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml"
        },
        {
          "name": "17775",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17775"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2166",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "19881",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19881"
            },
            {
              "name": "ADV-2006-1613",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1613"
            },
            {
              "name": "25165",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/25165"
            },
            {
              "name": "cisco-cue-privilege-escalation(26165)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26165"
            },
            {
              "name": "1016015",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016015"
            },
            {
              "name": "20060501 Cisco Unity Express Expired Password Reset Privilege Escalation",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml"
            },
            {
              "name": "17775",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17775"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2166",
    "datePublished": "2006-05-04T10:00:00.000Z",
    "dateReserved": "2006-05-03T00:00:00.000Z",
    "dateUpdated": "2024-08-07T17:43:27.773Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2006-2166",
      "date": "2026-05-28",
      "epss": "0.00496",
      "percentile": "0.66073"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unity_express_software:1.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"05328FC0-D20B-44AD-A72B-19D125553067\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unity_express_software:2.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31397846-474A-46B3-8210-ADC20B93E4A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unity_express_software:2.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68CE1AB1-1745-4C19-B3AC-72A033D69F87\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:unity_express:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7583D706-3702-4571-BD2C-527E5337F6E1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.\"}]",
      "id": "CVE-2006-2166",
      "lastModified": "2024-11-21T00:10:42.420",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:S/C:N/I:P/A:N\", \"baseScore\": 2.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-05-04T12:38:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/19881\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016015\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/25165\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/17775\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1613\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/26165\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/19881\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016015\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/25165\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/17775\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1613\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/26165\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-2166\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-05-04T12:38:00.000\",\"lastModified\":\"2026-04-16T00:27:16.627\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:S/C:N/I:P/A:N\",\"baseScore\":2.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity_express_software:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05328FC0-D20B-44AD-A72B-19D125553067\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity_express_software:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31397846-474A-46B3-8210-ADC20B93E4A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity_express_software:2.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68CE1AB1-1745-4C19-B3AC-72A033D69F87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:unity_express:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7583D706-3702-4571-BD2C-527E5337F6E1\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/19881\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016015\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/25165\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/17775\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1613\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26165\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/19881\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016015\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/25165\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/17775\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1613\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26165\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2006-2166

Vulnerability from fkie_nvd - Published: 2006-05-04 12:38 - Updated: 2026-04-16 00:27

Severity

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/19881	Patch, Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1016015
cve@mitre.org	http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml	Vendor Advisory
cve@mitre.org	http://www.osvdb.org/25165
cve@mitre.org	http://www.securityfocus.com/bid/17775
cve@mitre.org	http://www.vupen.com/english/advisories/2006/1613
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/26165
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19881	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016015
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/25165
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17775
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1613
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/26165

Impacted products

Vendor	Product	Version
cisco	unity_express_software	1.1.1
cisco	unity_express_software	2.1.1
cisco	unity_express_software	2.2.2
cisco	unity_express	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05328FC0-D20B-44AD-A72B-19D125553067",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31397846-474A-46B3-8210-ADC20B93E4A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68CE1AB1-1745-4C19-B3AC-72A033D69F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:unity_express:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7583D706-3702-4571-BD2C-527E5337F6E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password."
    }
  ],
  "id": "CVE-2006-2166",
  "lastModified": "2026-04-16T00:27:16.627",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-05-04T12:38:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19881"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016015"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/25165"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/17775"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1613"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26165"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/25165"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/17775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26165"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-6G6Q-2H84-3PH5

Vulnerability from github – Published: 2022-05-01 06:56 – Updated: 2022-05-01 06:56

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-2166"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-05-04T12:38:00Z",
    "severity": "LOW"
  },
  "details": "Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.",
  "id": "GHSA-6g6q-2h84-3ph5",
  "modified": "2022-05-01T06:56:30Z",
  "published": "2022-05-01T06:56:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2166"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26165"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19881"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016015"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/25165"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/17775"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1613"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2006-2166

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-2166

Aliases

CVE-2006-2166

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-2166",
    "description": "Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.",
    "id": "GSD-2006-2166"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-2166"
      ],
      "details": "Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.",
      "id": "GSD-2006-2166",
      "modified": "2023-12-13T01:19:52.854443Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-2166",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "19881",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19881"
          },
          {
            "name": "ADV-2006-1613",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/1613"
          },
          {
            "name": "25165",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/25165"
          },
          {
            "name": "cisco-cue-privilege-escalation(26165)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26165"
          },
          {
            "name": "1016015",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016015"
          },
          {
            "name": "20060501 Cisco Unity Express Expired Password Reset Privilege Escalation",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml"
          },
          {
            "name": "17775",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/17775"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:unity_express:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity_express_software:2.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity_express_software:1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity_express_software:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2166"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060501 Cisco Unity Express Expired Password Reset Privilege Escalation",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml"
            },
            {
              "name": "17775",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/17775"
            },
            {
              "name": "1016015",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016015"
            },
            {
              "name": "19881",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/19881"
            },
            {
              "name": "25165",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/25165"
            },
            {
              "name": "ADV-2006-1613",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/1613"
            },
            {
              "name": "cisco-cue-privilege-escalation(26165)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26165"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-30T16:25Z",
      "publishedDate": "2006-05-04T12:38Z"
    }
  }
}

VAR-200605-0543

Vulnerability from variot - Updated: 2023-12-18 13:30

Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password. Cisco Unity Express (CUE) is prone to a privilege-escalation vulnerability. An attacker could reset the password of a privileged account that has an expired password. Cisco Unity is an advanced unified communications solution for enterprise-level organizations that can provide powerful messaging services and intelligent voice messaging services. There is a loophole in Cisco Unity's handling of user authentication. Local attackers may use this loophole to elevate their privileges. Cisco Unity has a problem with the authentication process of the HTTP-based management interface. If the target user is an administrator, then An attacker could gain administrator privileges on the device.

TITLE: Cisco Unity Express Expired Password Change Vulnerability

SECUNIA ADVISORY ID: SA19881

VERIFY ADVISORY: http://secunia.com/advisories/19881/

CRITICAL: Less critical

IMPACT: Security Bypass, Manipulation of data

WHERE:

From local network

SOFTWARE: Cisco Unity Express 2.x http://secunia.com/product/5151/

DESCRIPTION: A vulnerability has been reported in Cisco Unity Express (CUE), which can be exploited by malicious users to manipulate certain information.

The vulnerability is caused due to missing restrictions in the HTTP management interface during password changes. This makes it possible for an authenticated user to change the password for another user with an expired password (including newly created users with blank/randomly selected passwords).

Successful exploitation may e.g. grant administrative privileges on a CUE module, if the changed expired password belongs to an administrative user.

SOLUTION: Update to version 2.3(1) or later. http://www.cisco.com/pcgi-bin/tablebuild.pl/cue-231?psrtdcat20e2

PROVIDED AND/OR DISCOVERED BY: The vendor credits Xu He and Keith Vaughan, Bank of America Application Assessment Team.

ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200605-0543",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unity express software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.1.1"
      },
      {
        "model": "unity express software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.1.1"
      },
      {
        "model": "unity express software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.2.2"
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "unity express",
        "scope": null,
        "trust": 0.9,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "1.1.1"
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "2.2.2"
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "2.1.1"
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2(2)"
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1(1)"
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1(1)"
      },
      {
        "model": "unity express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(1)"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "17775"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2166"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-076"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:unity_express:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity_express_software:2.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity_express_software:1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity_express_software:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2166"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Discovered by Xu He and Keith Vaughan of the Bank of America Application Assessment Team.",
    "sources": [
      {
        "db": "BID",
        "id": "17775"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-2166",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "VHN-18274",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2166",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200605-076",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-18274",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18274"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2166"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-076"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password. Cisco Unity Express (CUE) is prone to a privilege-escalation vulnerability. An attacker could reset the password of a privileged account that has an expired password. Cisco Unity is an advanced unified communications solution for enterprise-level organizations that can provide powerful messaging services and intelligent voice messaging services. There is a loophole in Cisco Unity\u0027s handling of user authentication. Local attackers may use this loophole to elevate their privileges. Cisco Unity has a problem with the authentication process of the HTTP-based management interface. If the target user is an administrator, then An attacker could gain administrator privileges on the device. \n\nTITLE:\nCisco Unity Express Expired Password Change Vulnerability\n\nSECUNIA ADVISORY ID:\nSA19881\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/19881/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass, Manipulation of data\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nCisco Unity Express 2.x\nhttp://secunia.com/product/5151/\n\nDESCRIPTION:\nA vulnerability has been reported in Cisco Unity Express (CUE), which\ncan be exploited by malicious users to manipulate certain\ninformation. \n\nThe vulnerability is caused due to missing restrictions in the HTTP\nmanagement interface during password changes. This makes it possible\nfor an authenticated user to change the password for another user\nwith an expired password (including newly created users with\nblank/randomly selected passwords). \n\nSuccessful exploitation may e.g. grant administrative privileges on a\nCUE module, if the changed expired password belongs to an\nadministrative user. \n\nSOLUTION:\nUpdate to version 2.3(1) or later. \nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/cue-231?psrtdcat20e2\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Xu He and Keith Vaughan, Bank of America\nApplication Assessment Team. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2166"
      },
      {
        "db": "BID",
        "id": "17775"
      },
      {
        "db": "VULHUB",
        "id": "VHN-18274"
      },
      {
        "db": "PACKETSTORM",
        "id": "46024"
      }
    ],
    "trust": 1.35
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "17775",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "19881",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-1613",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "25165",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1016015",
        "trust": 1.7
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2166",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-076",
        "trust": 0.7
      },
      {
        "db": "CISCO",
        "id": "20060501 CISCO UNITY EXPRESS EXPIRED PASSWORD RESET PRIVILEGE ESCALATION",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "26165",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-18274",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "46024",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18274"
      },
      {
        "db": "BID",
        "id": "17775"
      },
      {
        "db": "PACKETSTORM",
        "id": "46024"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2166"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-076"
      }
    ]
  },
  "id": "VAR-200605-0543",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18274"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:30:49.292000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2166"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/17775"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/25165"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1016015"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/19881"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/1613"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26165"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/1613"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/26165"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/sw/voicesw/ps5520/index.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/19881/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5151/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/cue-231?psrtdcat20e2"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18274"
      },
      {
        "db": "BID",
        "id": "17775"
      },
      {
        "db": "PACKETSTORM",
        "id": "46024"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2166"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-076"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-18274"
      },
      {
        "db": "BID",
        "id": "17775"
      },
      {
        "db": "PACKETSTORM",
        "id": "46024"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2166"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-076"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-05-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-18274"
      },
      {
        "date": "2006-05-02T00:00:00",
        "db": "BID",
        "id": "17775"
      },
      {
        "date": "2006-05-03T04:53:11",
        "db": "PACKETSTORM",
        "id": "46024"
      },
      {
        "date": "2006-05-04T12:38:00",
        "db": "NVD",
        "id": "CVE-2006-2166"
      },
      {
        "date": "2006-05-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200605-076"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-18274"
      },
      {
        "date": "2006-05-02T23:05:00",
        "db": "BID",
        "id": "17775"
      },
      {
        "date": "2018-10-30T16:25:29.480000",
        "db": "NVD",
        "id": "CVE-2006-2166"
      },
      {
        "date": "2006-05-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200605-076"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-076"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unity Express User Authentication Local privilege escalation vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-076"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access verification error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-076"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-2166 (GCVE-0-2006-2166)

FKIE_CVE-2006-2166

GHSA-6G6Q-2H84-3PH5

GSD-2006-2166

VAR-200605-0543

Tags

Sightings

Nomenclature