← Back

CVE-2007-1063

nvd nist
Published: Feb 22, 2007Modified: Apr 23, 2026

JSON object

Loading...
10.0
Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 10.0 / Impact: 10.0
Source: NVD

Description

The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device.

Affected (6)

Cisco
6 products
Unified Ip Phone Firmware 7906g
Unified Ip Phone Firmware 7911g
Unified Ip Phone Firmware 7941g
Unified Ip Phone Firmware 7961g
Unified Ip Phone Firmware 7970g
Unified Ip Phone Firmware 7971g
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Ip Phone Firmware 7906g
Version 8.0(4) sr1
Running on/withPlatform Versions
Cisco
Unified Ip Phone 7906g
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Ip Phone Firmware 7911g
Version 8.0(4) sr1
Running on/withPlatform Versions
Cisco
Unified Ip Phone 7911g
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Ip Phone Firmware 7941g
Version 8.0(4) sr1
Running on/withPlatform Versions
Cisco
Unified Ip Phone 7941g
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Ip Phone Firmware 7961g
Version 8.0(4) sr1
Running on/withPlatform Versions
Cisco
Unified Ip Phone 7961g
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Ip Phone Firmware 7970g
Version 8.0(4) sr1
Running on/withPlatform Versions
Cisco
Unified Ip Phone 7970g
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Ip Phone Firmware 7971g
Version 8.0(4) sr1
Running on/withPlatform Versions
Cisco
Unified Ip Phone 7971g
All versions

Related CWEs

CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.

References (16)

Source: cve@mitre.org
Broken Link
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.