Vulnerability Name:

CVE-2012-0366 (CCN-73560)

Assigned: 2012-02-29
Published: 2012-02-29
Updated: 2012-03-01
Summary: Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated users to change the administrative password by leveraging the Help Desk Administrator role, aka Bug ID CSCtd45141.
CVSS v3 Severity: 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Privileges
References: Source: MITRE
Type: CNA
CVE-2012-0366

Source: CCN
Type: SA48004
Cisco Unity Connection Security Bypass and Denial of Service Vulnerabilities

Source: CCN
Type: cisco-sa-20120229-cuc
Multiple Vulnerabilities in Cisco Unity Connection

Source: CISCO
Type: Vendor Advisory
20120229 Multiple Vulnerabilities in Cisco Unity Connection

Source: CCN
Type: OSVDB ID: 79709
Cisco Unity Connection Help Desk Administrator Role Admin Password Manipulation

Source: CCN
Type: BID-52216
Cisco Unity Connection CVE-2012-0366 Remote Privilege Escalation Vulnerability

Source: XF
Type: UNKNOWN
cisco-unity-privilege-escalation(73560)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:cisco:unity_connection:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:1.1(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:1.1(1)_es1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:1.1(1)_es12:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:1.1(1)_sr1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:1.2(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:1.2(1)_es65:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:1.2(1)sr2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:2.0(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:2.1(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:2.1(2):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:2.1(3):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:2.1(3b)su1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:2.1(4):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:2.1(4)su1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:2.1(4a):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:2.1(4a)su2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:2.1(5):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:2.1(5)su1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:2.1(5)su2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:2.1(5)su3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:6.1(3b)su1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:7.0(2):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:7.0(2a)su2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:7.0(2a)su3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:7.1(2):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:7.1(2a):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:7.1(2a)su1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:7.1(2b):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:7.1(2b)su1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:7.1(3):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:7.1(3a):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:7.1(3a)su1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:7.1(3a)su1a:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:7.1(3b):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:*:*:*:*:*:*:*:* (Version <= 7.1(3b)su1)
  • OR cpe:/a:cisco:unity_connection:7.1(5):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:7.1(5)su1a:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:7.1(5a):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:7.1(5b):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:7.1(5b)su2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:7.1(5b)su3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:7.1(5b)su4:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:cisco:unity_connection:7.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    cisco unity connection 1.1
    cisco unity connection 1.1(1)
    cisco unity connection 1.1(1)_es1
    cisco unity connection 1.1(1)_es12
    cisco unity connection 1.1(1)_sr1
    cisco unity connection 1.2
    cisco unity connection 1.2(1)
    cisco unity connection 1.2(1)_es65
    cisco unity connection 1.2(1)sr2
    cisco unity connection 2.0
    cisco unity connection 2.0(1)
    cisco unity connection 2.1
    cisco unity connection 2.1(1)
    cisco unity connection 2.1(2)
    cisco unity connection 2.1(3)
    cisco unity connection 2.1(3b)su1
    cisco unity connection 2.1(4)
    cisco unity connection 2.1(4)su1
    cisco unity connection 2.1(4a)
    cisco unity connection 2.1(4a)su2
    cisco unity connection 2.1(5)
    cisco unity connection 2.1(5)su1
    cisco unity connection 2.1(5)su2
    cisco unity connection 2.1(5)su3
    cisco unity connection 6.1(3b)su1
    cisco unity connection 7.0
    cisco unity connection 7.0(2)
    cisco unity connection 7.0(2a)su2
    cisco unity connection 7.0(2a)su3
    cisco unity connection 7.1
    cisco unity connection 7.1(2)
    cisco unity connection 7.1(2a)
    cisco unity connection 7.1(2a)su1
    cisco unity connection 7.1(2b)
    cisco unity connection 7.1(2b)su1
    cisco unity connection 7.1(3)
    cisco unity connection 7.1(3a)
    cisco unity connection 7.1(3a)su1
    cisco unity connection 7.1(3a)su1a
    cisco unity connection 7.1(3b)
    cisco unity connection *
    cisco unity connection 7.1(5)
    cisco unity connection 7.1(5)su1a
    cisco unity connection 7.1(5a)
    cisco unity connection 7.1(5b)
    cisco unity connection 7.1(5b)su2
    cisco unity connection 7.1(5b)su3
    cisco unity connection 7.1(5b)su4
    cisco unity connection 7.1