CVE-2007-1062

Cisco Unified IP Conference Station - Auth Bypass

Title source: llm

Description

The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time

References (8)

[Broken Link] http://osvdb.org/45245

[Vendor Advisory] http://secunia.com/advisories/24262

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1017680

[Vendor Advisory] http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml

[Patch, Vendor Advisory] http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/22647

[Vendor Advisory] http://www.vupen.com/english/advisories/2007/0688

[VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/32623

Scores

EPSS 0.0573

EPSS Percentile 90.3%

Classification

CWE

CWE-287

Status draft

Affected Products (2)

cisco/unified_ip_conference_station_7935_firmware < 3.2\(15\)

cisco/unified_ip_conference_station_firmware_7936 < 3.3\(12\)

Timeline

Published Feb 22, 2007

Tracked Since Feb 18, 2026