|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA13483] Cisco Unity Default Usernames and Passwords
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Thu Dec 16 2004 - 05:34:29 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
Cisco Unity Default Usernames and Passwords
SECUNIA ADVISORY ID:
SA13483
VERIFY ADVISORY:
http://secunia.com/advisories/13483/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass
WHERE:
From local network
SOFTWARE:
Cisco Unity 2.x
http://secunia.com/product/437/
Cisco Unity 3.x
http://secunia.com/product/438/
Cisco Unity 4.x
http://secunia.com/product/4386/
DESCRIPTION:
A security issue has been reported in Cisco Unity, which can be
exploited by malicious people to access administrative functions.
The problem is that Cisco Unity creates certain user accounts with
default passwords when integrated with Exchange.
Successful exploitation provides access to certain administrative
functions.
The issue affects Cisco Unity versions 2.x, 3.x, and 4.x (prior to
version "4.0(5)") when integrated with Exchange. Cisco Unity
integrated with Lotus Notes is not affected.
SOLUTION:
Change the passwords for the following accounts:
EAdmin<systemid>
Unity_<servername>
UAMIS_<servername>
UOMNI_<servername>
UVPIM_<servername>
Esubscriber
See original vendor advisory for more information.
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20041215-unity.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]