CVE-2016-6426

Name of the Vulnerable Software and Affected Versions Cisco Unified Intelligence Center (CUIC) versions 8.5.4 through 9.1(1) Unified Contact Center Express versions 10.0(1) through 11.0(1)

Description The issue allows remote attackers to create user accounts by visiting an unspecified web page. This is related to the j spring security switch user function.

Recommendations For Cisco Unified Intelligence Center (CUIC) versions 8.5.4 through 9.1(1), consider restricting access to the j spring security switch user function until a fix is available. For Unified Contact Center Express versions 10.0(1) through 11.0(1), restrict access to the vulnerable web page associated with the j spring security switch user function to minimize the risk of exploitation.