CVE-2007-1062
CVSS score: 10.0
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 10.0 / Impact: 10.0
Source: NVD
Description
The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier, do not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time.
Affected (2)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 3.2(15) |

| Running on/with | Platform Versions |
|---|---|
| Cisco Unified IP Conference Station 7935 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 3.3(12) |

| Running on/with | Platform Versions |
|---|---|
| Cisco Unified IP Conference Station 7936 | All versions |