CVE-2007-1062
PUBLISHED
CVSS 10 CRITICAL
The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier, do not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time.
EPSS 6.92% · 91.6th percentile
Risk Scores
- CVSS 2.0: 10
- EPSS Score: 6.92% (91.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | unified_ip_conference_station_firmware_7936 | 0 |
| cisco | unified_ip_conference_station_7935_firmware | 0 |
| n/a | n/a | * |
Exploit Intelligence
- 20070221 Identifying and Mitigating Exploitation of Cisco Unified IP Conference Station and IP Phone Vulnerabilities (cve.org)
- 20070221 Cisco Unified IP Conference Station and IP Phone Vulnerabilities (circl)
- 24262 (circl)
- 1017680 (circl)
- 22647 (circl)
- 45245 (circl)
- ADV-2007-0688 (circl)
- cisco-unified-ip-conference-url-auth-bypass(32623) (circl)
Timeline
- Feb 21, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
- Dec 22, 2023 EPSS Score
References
- 20070221 Identifying and Mitigating Exploitation of Cisco Unified IP Conference Station and IP Phone Vulnerabilities (vendor-advisory)
- 20070221 Cisco Unified IP Conference Station and IP Phone Vulnerabilities (vendor-advisory)
- 24262 (third-party-advisory)
- 1017680 (vdb)
- 22647 (vdb)
- 45245 (vdb)
- ADV-2007-0688 (vdb)
- cisco-unified-ip-conference-url-auth-bypass(32623) (vdb)
- https://nvd.nist.gov/vuln/detail/CVE-2007-1062 (advisory)