The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time
References
Link | Resource |
---|---|
http://osvdb.org/45245 | Broken Link |
http://secunia.com/advisories/24262 | Vendor Advisory |
http://securitytracker.com/id?1017680 | Third Party Advisory VDB Entry |
http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml | Vendor Advisory |
http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml | Patch Vendor Advisory |
http://www.securityfocus.com/bid/22647 | Third Party Advisory VDB Entry |
http://www.vupen.com/english/advisories/2007/0688 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/32623 | VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
No history.
Information
Published : 2007-02-22 01:28
Updated : 2023-12-10 10:40
NVD link : CVE-2007-1062
Mitre link : CVE-2007-1062
CVE.ORG link : CVE-2007-1062
JSON object : View
Products Affected
cisco
- unified_ip_conference_station_firmware_7936
- unified_ip_conference_station_7935
- unified_ip_conference_station_7935_firmware
- unified_ip_conference_station_7936
CWE
CWE-287
Improper Authentication