Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-1062

The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time

Published

2007-02-22T01:28:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	unified_ip_conference_station_7935_firmware	≤ 3.2\(15\)	Yes
Hardware	cisco	unified_ip_conference_station_7935	-	No
Operating System	cisco	unified_ip_conference_station_firmware_7936	≤ 3.3\(12\)	Yes
Hardware	cisco	unified_ip_conference_station_7936	-	No

References

http://osvdb.org/45245 Broken Link ([email protected])
http://secunia.com/advisories/24262 Vendor Advisory ([email protected])
http://securitytracker.com/id?1017680 Third Party Advisory, VDB Entry ([email protected])
http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml Vendor Advisory ([email protected])
http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/22647 Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2007/0688 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/32623 VDB Entry ([email protected])
http://osvdb.org/45245 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24262 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1017680 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/22647 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/0688 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32623 VDB Entry (af854a3a-2127-422b-91ae-364da2661108)