Authentication flaw

2007-02-2201:28:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

0.065 Low

EPSS

Percentile

93.8%

JSON

The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time

CPENameOperatorVersion
unified_ip_conference_station_7935_firmwareeq<= 3.215
unified_ip_conference_station_firmware_7936eq<= 3.312

CPE	Name	Operator	Version
	unified_ip_conference_station_7935_firmware	eq	<= 3.215
	unified_ip_conference_station_firmware_7936	eq	<= 3.312

References

osvdb.org/45245

secunia.com/advisories/24262

securitytracker.com/id?1017680

www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml

www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml

www.securityfocus.com/bid/22647

www.vupen.com/english/advisories/2007/0688

exchange.xforce.ibmcloud.com/vulnerabilities/32623