CVE-2016-6426

The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653.

Published: Oct 5, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-6426
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
cisco / unified_contact_center_express	10.0(1)	10.0(1).x
cisco / unified_intelligence_center	9.1(1)	9.1(1).x
cisco / unified_intelligence_center	8.5.4	8.5.4.x
cisco / unified_intelligence_center	9.0(2)	9.0(2).x
cisco / unified_contact_center_express	10.5(1)	10.5(1).x
cisco / unified_contact_center_express	10.6(1)	10.6(1).x
cisco / unified_contact_center_express	11.0(1)	11.0(1).x

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2
http://www.securityfocus.com/bid/93420
http://www.securitytracker.com/id/1036952

Vulnerability Database

289,599

CVE-2016-6426