Lucene search

MitreCVE-2007-1072

HistoryFeb 22, 2007 - 10:28 p.m.

CVE-2007-1072

2007-02-2222:28:00

CWE-264

mitre

web.nvd.nist.gov

cve-2007-1072

cisco unified ip phone

cli

firmware

local privilege escalation

denial of service

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.012

Percentile

85.3%

JSON

The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063.

Affected configurations

Nvd

Node

ciscounified_ip_phone_firmware_7906gMatch8.0\(4\)sr1

AND

ciscounified_ip_phone_7906gMatch-

Node

ciscounified_ip_phone_firmware_7911gMatch8.0\(4\)sr1

AND

ciscounified_ip_phone_7911gMatch-

Node

ciscounified_ip_phone_firmware_7941gMatch8.0\(4\)sr1

AND

ciscounified_ip_phone_7941gMatch-

Node

ciscounified_ip_phone_firmware_7961gMatch8.0\(4\)sr1

AND

ciscounified_ip_phone_7961gMatch-

Node

ciscounified_ip_phone_firmware_7970gMatch8.0\(4\)sr1

AND

ciscounified_ip_phone_7970gMatch-

Node

ciscounified_ip_phone_firmware_7971gMatch8.0\(4\)sr1

AND

ciscounified_ip_phone_7971gMatch-

VendorProductVersionCPE
ciscounified_ip_phone_firmware_7906g8.0(4)cpe:2.3:o:cisco:unified_ip_phone_firmware_7906g:8.0\(4\):sr1:*:*:*:*:*:*
ciscounified_ip_phone_7906g-cpe:2.3:h:cisco:unified_ip_phone_7906g:-:*:*:*:*:*:*:*
ciscounified_ip_phone_firmware_7911g8.0(4)cpe:2.3:o:cisco:unified_ip_phone_firmware_7911g:8.0\(4\):sr1:*:*:*:*:*:*
ciscounified_ip_phone_7911g-cpe:2.3:h:cisco:unified_ip_phone_7911g:-:*:*:*:*:*:*:*
ciscounified_ip_phone_firmware_7941g8.0(4)cpe:2.3:o:cisco:unified_ip_phone_firmware_7941g:8.0\(4\):sr1:*:*:*:*:*:*
ciscounified_ip_phone_7941g-cpe:2.3:h:cisco:unified_ip_phone_7941g:-:*:*:*:*:*:*:*
ciscounified_ip_phone_firmware_7961g8.0(4)cpe:2.3:o:cisco:unified_ip_phone_firmware_7961g:8.0\(4\):sr1:*:*:*:*:*:*
ciscounified_ip_phone_7961g-cpe:2.3:h:cisco:unified_ip_phone_7961g:-:*:*:*:*:*:*:*
ciscounified_ip_phone_firmware_7970g8.0(4)cpe:2.3:o:cisco:unified_ip_phone_firmware_7970g:8.0\(4\):sr1:*:*:*:*:*:*
ciscounified_ip_phone_7970g-cpe:2.3:h:cisco:unified_ip_phone_7970g:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_ip_phone_firmware_7906g	8.0(4)	cpe:2.3:o:cisco:unified_ip_phone_firmware_7906g:8.0\(4\):sr1::::::
cisco	unified_ip_phone_7906g	-	cpe:2.3:h:cisco:unified_ip_phone_7906g:-:::::::*
cisco	unified_ip_phone_firmware_7911g	8.0(4)	cpe:2.3:o:cisco:unified_ip_phone_firmware_7911g:8.0\(4\):sr1::::::
cisco	unified_ip_phone_7911g	-	cpe:2.3:h:cisco:unified_ip_phone_7911g:-:::::::*
cisco	unified_ip_phone_firmware_7941g	8.0(4)	cpe:2.3:o:cisco:unified_ip_phone_firmware_7941g:8.0\(4\):sr1::::::
cisco	unified_ip_phone_7941g	-	cpe:2.3:h:cisco:unified_ip_phone_7941g:-:::::::*
cisco	unified_ip_phone_firmware_7961g	8.0(4)	cpe:2.3:o:cisco:unified_ip_phone_firmware_7961g:8.0\(4\):sr1::::::
cisco	unified_ip_phone_7961g	-	cpe:2.3:h:cisco:unified_ip_phone_7961g:-:::::::*
cisco	unified_ip_phone_firmware_7970g	8.0(4)	cpe:2.3:o:cisco:unified_ip_phone_firmware_7970g:8.0\(4\):sr1::::::
cisco	unified_ip_phone_7970g	-	cpe:2.3:h:cisco:unified_ip_phone_7970g:-:::::::*

Rows per page:

1-10 of 121

References

osvdb.org/33064

secunia.com/advisories/24262

www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml

www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml

www.securityfocus.com/bid/22647

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.012

Percentile

85.3%

JSON

Related for CVE-2007-1072