CVE-2006-2166

Name of the Vulnerable Software and Affected Versions Cisco Unity Express versions 2.2(2) and earlier

Description The issue affects the HTTP management interface, allowing remote authenticated attackers to reset the password for any user with an expired password when running on any CUE Advanced Integration Module (AIM) or Network Module (NM).

Recommendations For Cisco Unity Express versions 2.2(2) and earlier, consider restricting access to the HTTP management interface until a fix is available. As a temporary workaround, monitor user password expiration and reset processes closely to minimize potential exploitation.