10

CVE-2007-1062

EPSS 4.14%
Veröffentlicht 22.02.2007 01:28:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Unified Ip Conference Station 7935 Firmware Version <= 3.2\(15\)

Cisco ≫ Unified Ip Conference Station 7935 Version-

Cisco ≫ Unified Ip Conference Station Firmware 7936 Version <= 3.3\(12\)

Cisco ≫ Unified Ip Conference Station 7936 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.14%	0.882

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://osvdb.org/45245

Broken Link

http://secunia.com/advisories/24262

Vendor Advisory

http://securitytracker.com/id?1017680

Third Party Advisory

VDB Entry

http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml

Vendor Advisory

http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml

Patch

Vendor Advisory

http://www.securityfocus.com/bid/22647

Third Party Advisory

VDB Entry

http://www.vupen.com/english/advisories/2007/0688

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/32623

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2007-1062

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-1062

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-1062

EUVD