Cisco Unified IP Conference Station and Unified IP Phone Vulnerabilities
BID:22647
Info
Cisco Unified IP Conference Station and Unified IP Phone Vulnerabilities
| Bugtraq ID: | 22647 |
| Class: | Unknown |
| CVE: |
CVE-2007-1063 CVE-2007-1062 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Feb 21 2007 12:00AM |
| Updated: | Jul 06 2016 02:40PM |
| Credit: | The vendor disclosed this vulnerability. |
| Vulnerable: |
Cisco Unified IP Phone 8.0(4)SR1 Cisco Unified IP Phone 7970G Cisco Unified IP Phone 7961G Cisco Unified IP Phone 7941G Cisco Unified IP Phone 7911G Cisco Unified IP Phone 7906G Cisco Unified IP Conference Station 7936 Cisco Unified IP Conference Station 7935 Cisco Unified IP Conference Station 3.3(12) Cisco Unified IP Conference Station 3.2(15) |
| Not Vulnerable: |
Cisco Unified IP Phone 8.2(1) Cisco Unified IP Phone 8.0(4)SR2 Cisco Unified IP Conference Station 3.3(13) Cisco Unified IP Conference Station 3.2(16) |
Discussion
Cisco Unified IP Conference Station and Unified IP Phone Vulnerabilities
Cisco Unified IP Conference Station and Unified IP Phone are prone to multiple remote vulnerabilities. These issues include an administrative-bypass issue, an unauthorized-access issue, and a privilege-escalation issue.
An attacker can exploit these issues to completely compromise affected devices. The attacker may be able to gain administrative access to the affected device, execute arbitrary code with administrative privileges, or cause the device to become unstable, denying service to legitimate users.
Cisco Unified IP Conference Station and Unified IP Phone are prone to multiple remote vulnerabilities. These issues include an administrative-bypass issue, an unauthorized-access issue, and a privilege-escalation issue.
An attacker can exploit these issues to completely compromise affected devices. The attacker may be able to gain administrative access to the affected device, execute arbitrary code with administrative privileges, or cause the device to become unstable, denying service to legitimate users.
Exploit / POC
Cisco Unified IP Conference Station and Unified IP Phone Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Cisco Unified IP Conference Station and Unified IP Phone Vulnerabilities
Solution:
Cisco has released an advisory along with fixes to address this issue. Please see the referenced advisory for details.
Solution:
Cisco has released an advisory along with fixes to address this issue. Please see the referenced advisory for details.
References
Cisco Unified IP Conference Station and Unified IP Phone Vulnerabilities
References:
References: