Cisco Unity Express (CUE) expired account privilege escalation

cisco-cue-privilege-escalation (26165) The risk level is classified as MediumMedium Risk


Cisco Unity Express (CUE) could allow a remote attacker with valid authentication credentials to gain elevated privileges. An attacker could exploit this vulnerability using the HTTP management interface to change the password of any other user account that has an expired password. The attacker could use this vulnerability to gain administrative privileges on an affected device, if the targeted account with the expired password is an administrator's account.


Gain Privileges


Refer to Cisco Security Advisory cisco-sa-20060501-cue for upgrade or workaround information. See References.


  • cisco-sa-20060501-cue: Cisco Security Advisory: Cisco Security Advisory: Cisco Unity Express Expired Password Reset Privilege Escalation.
  • BID-17775: Cisco Unity Express Expired Password Privilege Escalation Vulnerability
  • CVE-2006-2166: Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.
  • OSVDB ID: 25165: Cisco Unity Express Arbitrary User Expired Password Modification
  • SA19881: Cisco Unity Express Expired Password Change Vulnerability
  • SECTRACK ID: 1016015: Cisco Unity Express Lets Remote Authenticated Users Gain Administrative Privileges

Platforms Affected:

  • Cisco Unity Express 1.1.1
  • Cisco Unity Express 2.1.1
  • Cisco Unity Express 2.2.2
  • Cisco Unity Express


May 01, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page