Lucene search

[email protected]NVD:CVE-2007-1063

HistoryFeb 22, 2007 - 1:28 a.m.

CVE-2007-1063

2007-02-2201:28:00

CWE-798

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.012

Percentile

85.3%

JSON

The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device.

Affected configurations

Nvd

Node

ciscounified_ip_phone_firmware_7906gMatch8.0\(4\)sr1

AND

ciscounified_ip_phone_7906gMatch-

Node

ciscounified_ip_phone_firmware_7911gMatch8.0\(4\)sr1

AND

ciscounified_ip_phone_7911gMatch-

Node

ciscounified_ip_phone_firmware_7941gMatch8.0\(4\)sr1

AND

ciscounified_ip_phone_7941gMatch-

Node

ciscounified_ip_phone_firmware_7961gMatch8.0\(4\)sr1

AND

ciscounified_ip_phone_7961gMatch-

Node

ciscounified_ip_phone_firmware_7970gMatch8.0\(4\)sr1

AND

ciscounified_ip_phone_7970gMatch-

Node

ciscounified_ip_phone_firmware_7971gMatch8.0\(4\)sr1

AND

ciscounified_ip_phone_7971gMatch-

VendorProductVersionCPE
ciscounified_ip_phone_firmware_7906g8.0(4)cpe:2.3:o:cisco:unified_ip_phone_firmware_7906g:8.0\(4\):sr1:*:*:*:*:*:*
ciscounified_ip_phone_7906g-cpe:2.3:h:cisco:unified_ip_phone_7906g:-:*:*:*:*:*:*:*
ciscounified_ip_phone_firmware_7911g8.0(4)cpe:2.3:o:cisco:unified_ip_phone_firmware_7911g:8.0\(4\):sr1:*:*:*:*:*:*
ciscounified_ip_phone_7911g-cpe:2.3:h:cisco:unified_ip_phone_7911g:-:*:*:*:*:*:*:*
ciscounified_ip_phone_firmware_7941g8.0(4)cpe:2.3:o:cisco:unified_ip_phone_firmware_7941g:8.0\(4\):sr1:*:*:*:*:*:*
ciscounified_ip_phone_7941g-cpe:2.3:h:cisco:unified_ip_phone_7941g:-:*:*:*:*:*:*:*
ciscounified_ip_phone_firmware_7961g8.0(4)cpe:2.3:o:cisco:unified_ip_phone_firmware_7961g:8.0\(4\):sr1:*:*:*:*:*:*
ciscounified_ip_phone_7961g-cpe:2.3:h:cisco:unified_ip_phone_7961g:-:*:*:*:*:*:*:*
ciscounified_ip_phone_firmware_7970g8.0(4)cpe:2.3:o:cisco:unified_ip_phone_firmware_7970g:8.0\(4\):sr1:*:*:*:*:*:*
ciscounified_ip_phone_7970g-cpe:2.3:h:cisco:unified_ip_phone_7970g:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_ip_phone_firmware_7906g	8.0(4)	cpe:2.3:o:cisco:unified_ip_phone_firmware_7906g:8.0\(4\):sr1::::::
cisco	unified_ip_phone_7906g	-	cpe:2.3:h:cisco:unified_ip_phone_7906g:-:::::::*
cisco	unified_ip_phone_firmware_7911g	8.0(4)	cpe:2.3:o:cisco:unified_ip_phone_firmware_7911g:8.0\(4\):sr1::::::
cisco	unified_ip_phone_7911g	-	cpe:2.3:h:cisco:unified_ip_phone_7911g:-:::::::*
cisco	unified_ip_phone_firmware_7941g	8.0(4)	cpe:2.3:o:cisco:unified_ip_phone_firmware_7941g:8.0\(4\):sr1::::::
cisco	unified_ip_phone_7941g	-	cpe:2.3:h:cisco:unified_ip_phone_7941g:-:::::::*
cisco	unified_ip_phone_firmware_7961g	8.0(4)	cpe:2.3:o:cisco:unified_ip_phone_firmware_7961g:8.0\(4\):sr1::::::
cisco	unified_ip_phone_7961g	-	cpe:2.3:h:cisco:unified_ip_phone_7961g:-:::::::*
cisco	unified_ip_phone_firmware_7970g	8.0(4)	cpe:2.3:o:cisco:unified_ip_phone_firmware_7970g:8.0\(4\):sr1::::::
cisco	unified_ip_phone_7970g	-	cpe:2.3:h:cisco:unified_ip_phone_7970g:-:::::::*

Rows per page:

1-10 of 121

References

osvdb.org/45246

secunia.com/advisories/24262

www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml

www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml

www.securityfocus.com/bid/22647

www.securitytracker.com/id?1017681

www.vupen.com/english/advisories/2007/0689

exchange.xforce.ibmcloud.com/vulnerabilities/32627

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.012

Percentile

85.3%

JSON

Related for NVD:CVE-2007-1063

cvelist2 prion2 cve2 nvd1 securityvulns1 cisco1