Cisco Unity Connection Administrator Password Bypass (cisco-sa-20120229-cuc)

high Nessus Plugin ID 70197

Synopsis

Cisco Unity Connection is installed on the remote host and is affected by a password bypass vulnerability.

Description

Cisco Unity Connection before 7.1.3b(Su2) / 7.1.5 allows remote, authenticated users to change the administrative password by leveraging the Help Desk Administrator role, aka Bug ID CSCtd45141.

Solution

Upgrade to Cisco Unity Connection 7.1.3b / 7.1.5 or later.

See Also

http://www.nessus.org/u?150918f3

Plugin Details

Severity: High

ID: 70197

File Name: cisco_uc_7_1_3b.nasl

Version: 1.6

Type: local

Family: CISCO

Published: 9/28/2013

Updated: 11/15/2018

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:unity_connection

Required KB Items: Host/Cisco/Unity_Connection/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 2/29/2012

Vulnerability Publication Date: 2/29/2012

Reference Information

CVE: CVE-2012-0366

BID: 52216

CISCO-BUG-ID: CSCtd45141

CISCO-SA: cisco-sa-20120229-cuc