CVE-2016-6426

Published on: 10/05/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:12 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Certain versions of Unified Contact Center Express from Cisco contain the following vulnerability:

The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653.

  • CVE-2016-6426 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.5 - HIGH

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | HIGH |
| Availability Impact | NONE |

CVSS2 Score: 4.3 - MEDIUM

| Metric | Value |
|---|---|
| Access Vector | NETWORK |
| Access Complexity | MEDIUM |
| Authentication | NONE |
| Confidentiality Impact | NONE |
| Integrity Impact | PARTIAL |
| Availability Impact | NONE |

CVE References

| Description | Tags | Link |
|---|---|---|
| Multiple Cisco Unified Products CVE-2016-6426 Security Bypass Vulnerability | | cve.report (archive), text/html: BID 93420 |
| Cisco Unified Intelligence Center j_spring_security_switch_user() Flaw Lets Remote Users Create User Accounts - SecurityTracker | | www.securitytracker.com, text/html: SECTRACK 1036952 |
| Cisco Unified Intelligence Center (CUIC) Software Unauthenticated User Account Creation Vulnerability | Vendor Advisory | tools.cisco.com, text/html: CISCO 20161005 Cisco Unified Intelligence Center (CUIC) Software Unauthenticated User Account Creation Vulnerability |

Known Affected Configurations (CPE V2.3)

| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Unified Contact Center Express | 10.0\(1\) | All | All | All |
| Application | Cisco | Unified Contact Center Express | 10.5\(1\) | All | All | All |
| Application | Cisco | Unified Contact Center Express | 10.6\(1\) | All | All | All |
| Application | Cisco | Unified Contact Center Express | 11.0\(1\) | All | All | All |
| Application | Cisco | Unified Intelligence Center | 8.5.4 | All | All | All |
| Application | Cisco | Unified Intelligence Center | 9.0\(2\) | All | All | All |
| Application | Cisco | Unified Intelligence Center | 9.1\(1\) | All | All | All |

  • cpe:2.3:a:cisco:unified_contact_center_express:10.0\(1\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_intelligence_center:8.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_intelligence_center:9.0\(2\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_intelligence_center:9.1\(1\):*:*:*:*:*:*:*