CVE-2007-1062
Published Feb 22, 2007
Last updated 5 years ago
Overview
- Description
- The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-287
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:unified_ip_conference_station_7935_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FEB9E107-A173-4570-A0EA-93D109D589A9",
"versionEndIncluding": "3.2\\(15\\)"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:unified_ip_conference_station_7935:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "85E03C0E-248B-4AFC-82BC-4A4D52F05E95"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:unified_ip_conference_station_firmware_7936:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8DF009E7-9F77-443B-97F9-5F1E6EB4A04A",
"versionEndIncluding": "3.3\\(12\\)"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:unified_ip_conference_station_7936:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "09A19EA1-6199-4EEE-9457-5EC8D6AC1D63"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]