Details of VAR-200412-0889

ID

VAR-200412-0889

CVE

CVE-2004-1322

TITLE

integrated Exchange of Cisco Unity There is a default password vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-064

DESCRIPTION

Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages. It is reported that vulnerable Unity systems contain default user accounts and passwords that can be used by an attacker to gain unauthorized access. This issue only arises when Unity is integrated with Microsoft Exchange. Unauthorized attakers may use these accounts to gain administrative access to vulnerable systems. Some accounts can allow attackers to disclose messages going to and from external voicemail systems. When used in conjunction with Exchange, there are multiple default username/password combinations. These default accounts are: EAdmin<systemid> UNITY_<servername> UAMIS_<servername> UOMNI_<servername> UVPIM_<servername> ESubsubscriber Accessible management interface with EAdmin <systemid> for application control. Any incoming or outgoing messages can be read using UNITY_<servername>, UAMIS_<servername>, UOMNI_<servername> or UVPIM_<servername>

Trust: 1.26

sources: NVD: CVE-2004-1322 // BID: 11954 // VULHUB: VHN-9752

AFFECTED PRODUCTS

vendor:	cisco	model:	unity server	scope:	eq	version:	3.3	Trust: 1.9
vendor:	cisco	model:	unity server	scope:	eq	version:	3.2	Trust: 1.9
vendor:	cisco	model:	unity server	scope:	eq	version:	3.1	Trust: 1.9
vendor:	cisco	model:	unity server	scope:	eq	version:	3.0	Trust: 1.9
vendor:	cisco	model:	unity server	scope:	eq	version:	2.46	Trust: 1.9
vendor:	cisco	model:	unity server	scope:	eq	version:	2.4	Trust: 1.9
vendor:	cisco	model:	unity server	scope:	eq	version:	2.3	Trust: 1.9
vendor:	cisco	model:	unity server	scope:	eq	version:	2.2	Trust: 1.9
vendor:	cisco	model:	unity server	scope:	eq	version:	2.1	Trust: 1.9
vendor:	cisco	model:	unity server	scope:	eq	version:	2.0	Trust: 1.9
vendor:	cisco	model:	unity server	scope:	eq	version:	4.0	Trust: 1.3

sources: BID: 11954 // CNNVD: CNNVD-200412-064 // NVD: CVE-2004-1322

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1322
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200412-064
value:	HIGH
Trust: 0.6
VULHUB:	VHN-9752
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-1322
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-9752
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-9752 // CNNVD: CNNVD-200412-064 // NVD: CVE-2004-1322

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1322

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-064

TYPE

Configuration Error

Trust: 0.9

sources: BID: 11954 // CNNVD: CNNVD-200412-064

EXTERNAL IDS

db:	BID	id:	11954	Trust: 2.0
db:	NVD	id:	CVE-2004-1322	Trust: 1.7
db:	CNNVD	id:	CNNVD-200412-064	Trust: 0.7
db:	CIAC	id:	P-060	Trust: 0.6
db:	CISCO	id:	20041215 CISCO UNITY INTEGRATED WITH EXCHANGE HAS DEFAULT PASSWORDS	Trust: 0.6
db:	XF	id:	18489	Trust: 0.6
db:	VULHUB	id:	VHN-9752	Trust: 0.1

sources: VULHUB: VHN-9752 // BID: 11954 // CNNVD: CNNVD-200412-064 // NVD: CVE-2004-1322

REFERENCES

url:	http://www.securityfocus.com/bid/11954	Trust: 1.7
url:	http://www.ciac.org/ciac/bulletins/p-060.shtml	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/cisco-sa-20041215-unity.shtml	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/18489	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/18489	Trust: 0.6
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a008037cd59.shtml	Trust: 0.3
url:	/archive/1/384548	Trust: 0.3

sources: VULHUB: VHN-9752 // BID: 11954 // CNNVD: CNNVD-200412-064 // NVD: CVE-2004-1322

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200412-064

SOURCES

db:	VULHUB	id:	VHN-9752
db:	BID	id:	11954
db:	CNNVD	id:	CNNVD-200412-064
db:	NVD	id:	CVE-2004-1322

LAST UPDATE DATE

2024-08-14T13:40:16.075000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-9752	date:	2017-07-11T00:00:00
db:	BID	id:	11954	date:	2004-12-15T00:00:00
db:	CNNVD	id:	CNNVD-200412-064	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-1322	date:	2017-07-11T01:30:55.357

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-9752	date:	2004-12-15T00:00:00
db:	BID	id:	11954	date:	2004-12-15T00:00:00
db:	CNNVD	id:	CNNVD-200412-064	date:	2004-12-15T00:00:00
db:	NVD	id:	CVE-2004-1322	date:	2004-12-15T05:00:00