Details of VAR-200702-0463

ID

VAR-200702-0463

CVE

CVE-2007-1062

TITLE

Cisco Unified IP Conference Station 7935 Vulnerability that can bypass authentication control

Trust: 0.8

sources: JVNDB: JVNDB-2007-001597

DESCRIPTION

The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time. Cisco Unified IP Conference Station and Unified IP Phone are prone to multiple remote vulnerabilities. These issues include an administrative-bypass issue, an unauthorized-access issue, and a privilege-escalation issue. An attacker can exploit these issues to completely compromise affected devices. The attacker may be able to gain administrative access to the affected device, execute arbitrary code with administrative privileges, or cause the device to become unstable, denying service to legitimate users. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. This can further be exploited to cause a DoS (Denial of Service) or gain escalated privileges. SOLUTION: Update to a fixed version (see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Christian Reichert, Christian Blum, and Jens Link of Intact Integrated Services. 2) Reported by the vendor. ORIGINAL ADVISORY: Cisco Systems: http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-1062 // JVNDB: JVNDB-2007-001597 // BID: 22647 // VULHUB: VHN-24424 // PACKETSTORM: 54564

AFFECTED PRODUCTS

vendor:	cisco	model:	unified ip conference station 7935	scope:	lte	version:	3.2\(15\)	Trust: 1.0
vendor:	cisco	model:	unified ip conference station 7936	scope:	lte	version:	3.3\(12\)	Trust: 1.0
vendor:	cisco	model:	unified ip conference station 7935	scope:	lte	version:	3.2(15)	Trust: 0.8
vendor:	cisco	model:	unified ip conference station 7936	scope:	lte	version:	3.3(12)	Trust: 0.8
vendor:	cisco	model:	skinny client control protocol software	scope:	eq	version:	3.3\(12\)	Trust: 0.6
vendor:	cisco	model:	skinny client control protocol software	scope:	eq	version:	3.2\(15\)	Trust: 0.6
vendor:	cisco	model:	unified ip conference station 7936	scope:	eq	version:	3.3\(12\)	Trust: 0.6
vendor:	cisco	model:	unified ip conference station 7935	scope:	eq	version:	3.2\(15\)	Trust: 0.6
vendor:	cisco	model:	unified ip phone 8.0 sr1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified ip phone 7970g	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified ip phone 7961g	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified ip phone 7941g	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified ip phone 7911g	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified ip phone 7906g	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified ip conference station	scope:	eq	version:	7936	Trust: 0.3
vendor:	cisco	model:	unified ip conference station	scope:	eq	version:	7935	Trust: 0.3
vendor:	cisco	model:	unified ip conference station	scope:	eq	version:	3.3(12)	Trust: 0.3
vendor:	cisco	model:	unified ip conference station	scope:	eq	version:	3.2(15)	Trust: 0.3
vendor:	cisco	model:	unified ip phone	scope:	ne	version:	8.2(1)	Trust: 0.3
vendor:	cisco	model:	unified ip phone 8.0 sr2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unified ip conference station	scope:	ne	version:	3.3(13)	Trust: 0.3
vendor:	cisco	model:	unified ip conference station	scope:	ne	version:	3.2(16)	Trust: 0.3

sources: BID: 22647 // JVNDB: JVNDB-2007-001597 // CNNVD: CNNVD-200702-398 // NVD: CVE-2007-1062

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-1062
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-1062
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200702-398
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-24424
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-1062
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-24424
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-24424 // JVNDB: JVNDB-2007-001597 // CNNVD: CNNVD-200702-398 // NVD: CVE-2007-1062

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-24424 // JVNDB: JVNDB-2007-001597 // NVD: CVE-2007-1062

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200702-398

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-200702-398

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001597

PATCH

title:

cisco-sa-20070221-phone

url:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070221-phone

Trust: 0.8

sources: JVNDB: JVNDB-2007-001597

EXTERNAL IDS

db:	NVD	id:	CVE-2007-1062	Trust: 2.8
db:	BID	id:	22647	Trust: 2.0
db:	SECUNIA	id:	24262	Trust: 1.8
db:	SECTRACK	id:	1017680	Trust: 1.7
db:	OSVDB	id:	45245	Trust: 1.7
db:	VUPEN	id:	ADV-2007-0688	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-001597	Trust: 0.8
db:	CNNVD	id:	CNNVD-200702-398	Trust: 0.7
db:	VULHUB	id:	VHN-24424	Trust: 0.1
db:	PACKETSTORM	id:	54564	Trust: 0.1

sources: VULHUB: VHN-24424 // BID: 22647 // JVNDB: JVNDB-2007-001597 // PACKETSTORM: 54564 // CNNVD: CNNVD-200702-398 // NVD: CVE-2007-1062

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml	Trust: 2.1
url:	http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml	Trust: 1.8
url:	http://www.securityfocus.com/bid/22647	Trust: 1.7
url:	http://osvdb.org/45245	Trust: 1.7
url:	http://securitytracker.com/id?1017680	Trust: 1.7
url:	http://secunia.com/advisories/24262	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/0688	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/32623	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1062	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1062	Trust: 0.8
url:	http://www.cisco.com/en/us/products/hw/phones/ps379/ps5476/index.html	Trust: 0.3
url:	http://www.cisco.com/en/us/products/hw/phones/ps379/index.html	Trust: 0.3
url:	/archive/1/460752	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/13540/	Trust: 0.1
url:	http://secunia.com/software_inspector/	Trust: 0.1
url:	http://secunia.com/advisories/24262/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/13541/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/13543/	Trust: 0.1

sources: VULHUB: VHN-24424 // BID: 22647 // JVNDB: JVNDB-2007-001597 // PACKETSTORM: 54564 // CNNVD: CNNVD-200702-398 // NVD: CVE-2007-1062

CREDITS

Christian Reichert Christian Blum Jens Link

Trust: 0.6

sources: CNNVD: CNNVD-200702-398

SOURCES

db:	VULHUB	id:	VHN-24424
db:	BID	id:	22647
db:	JVNDB	id:	JVNDB-2007-001597
db:	PACKETSTORM	id:	54564
db:	CNNVD	id:	CNNVD-200702-398
db:	NVD	id:	CVE-2007-1062

LAST UPDATE DATE

2025-04-10T23:07:37.885000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-24424	date:	2019-05-23T00:00:00
db:	BID	id:	22647	date:	2016-07-06T14:40:00
db:	JVNDB	id:	JVNDB-2007-001597	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200702-398	date:	2019-05-27T00:00:00
db:	NVD	id:	CVE-2007-1062	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-24424	date:	2007-02-22T00:00:00
db:	BID	id:	22647	date:	2007-02-21T00:00:00
db:	JVNDB	id:	JVNDB-2007-001597	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	54564	date:	2007-02-23T02:32:16
db:	CNNVD	id:	CNNVD-200702-398	date:	2007-02-21T00:00:00
db:	NVD	id:	CVE-2007-1062	date:	2007-02-22T01:28:00