TITLE:
Cisco Unity Express Expired Password Change Vulnerability

SECUNIA ADVISORY ID:
SA19881

VERIFY ADVISORY:
http://secunia.com/advisories/19881/

CRITICAL:
Less critical

IMPACT:
Security Bypass, Manipulation of data

WHERE:
From local network

SOFTWARE:
Cisco Unity Express 2.x
http://secunia.com/product/5151/

DESCRIPTION:
A vulnerability has been reported in Cisco Unity Express (CUE), which can be exploited by malicious users to manipulate certain information.

The vulnerability is caused due to missing restrictions in the HTTP management interface during password changes. This makes it possible for an authenticated user to change the password of another user whose password has expired (including newly created users with blank or randomly selected passwords).

Successful exploitation may e.g. grant administrative privileges on a CUE module, if the changed expired password belongs to an administrative user.

The vulnerability affects any CUE Advanced Integration Module (AIM) or Network Module (NM) running CUE software versions up to 2.2(2).

SOLUTION:
Update to version 2.3(1) or later.
http://www.cisco.com/pcgi-bin/tablebuild.pl/cue-231?psrtdcat20e2

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Xu He and Keith Vaughan, Bank of America Application Assessment Team.

ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.