What is the severity of CVE-2006-2166?

The severity of CVE-2006-2166 is rated as low.

How do I fix CVE-2006-2166?

To fix CVE-2006-2166, update Cisco Unity Express to a version that is not vulnerable, such as 2.2.3 or later.

Which versions of Cisco Unity Express are affected by CVE-2006-2166?

CVE-2006-2166 affects Cisco Unity Express versions 1.1.1, 2.1.1, and 2.2.2.

Is there a workaround for CVE-2006-2166?

There are no specific workarounds provided for CVE-2006-2166; upgrading is the recommended course of action.

Vulnerability/
CVE-2006-2166

low

2.1

CWE

NVD-CWE-Other

4/5/2006

30/10/2018

CVE-2006-2166

First published: Thu May 04 2006(Updated: )

Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Cisco Unity Express	=1.1.1
Cisco Unity Express	=2.2.2
Cisco Unity Express	=2.1.1
Cisco Unity Express

Remedy

http://secunia.com/advisories/19881

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-2166?
The severity of CVE-2006-2166 is rated as low.
How do I fix CVE-2006-2166?
To fix CVE-2006-2166, update Cisco Unity Express to a version that is not vulnerable, such as 2.2.3 or later.
What impact does CVE-2006-2166 have on Cisco Unity Express?
CVE-2006-2166 allows remote authenticated attackers to reset the password for any user with an expired password.
Which versions of Cisco Unity Express are affected by CVE-2006-2166?
CVE-2006-2166 affects Cisco Unity Express versions 1.1.1, 2.1.1, and 2.2.2.
Is there a workaround for CVE-2006-2166?
There are no specific workarounds provided for CVE-2006-2166; upgrading is the recommended course of action.

agent/severity
agent/description
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/type
agent/event
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
agent/weakness
agent/remedy
agent/references
agent/author
vendor/cisco
canonical/cisco unity express
version/cisco unity express/1.1.1
version/cisco unity express/2.2.2
version/cisco unity express/2.1.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.