10
CVE-2007-1062
- EPSS 4.17%
- Veröffentlicht 22.02.2007 01:28:00
- Zuletzt bearbeitet 16.06.2026 22:36:51
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Unified Ip Conference Station 7935 Firmware Version <= 3.2\(15\)
Cisco ≫ Unified Ip Conference Station Firmware 7936 Version <= 3.3\(12\)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.17% | 0.896 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://osvdb.org/45245
http://secunia.com/advisories/24262
http://securitytracker.com/id?1017680
http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml
http://www.securityfocus.com/bid/22647
http://www.vupen.com/english/advisories/2007/0688
https://exchange.xforce.ibmcloud.com/vulnerabilities/32623