CVE-2016-6426

The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
ciscounified_contact_center_express
10.0\(1\)
ciscounified_contact_center_express
10.5\(1\)
ciscounified_contact_center_express
10.6\(1\)
ciscounified_contact_center_express
11.0\(1\)
ciscounified_intelligence_center
8.5.4
ciscounified_intelligence_center
9.0\(2\)
ciscounified_intelligence_center
9.1\(1\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2
http://www.securityfocus.com/bid/93420
http://www.securitytracker.com/id/1036952
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2
http://www.securityfocus.com/bid/93420
http://www.securitytracker.com/id/1036952