CVE-2007-1062

Severity CVSS v4.0:
Pending analysis
Type:
CWE-287 Authentication Issues
Publication date:
22/02/2007
Last modified:
09/04/2025

Description

The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:cisco:unified_ip_conference_station_7935_firmware:*:*:*:*:*:*:*:* 3.2\(15\) (including)
cpe:2.3:h:cisco:unified_ip_conference_station_7935:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:unified_ip_conference_station_firmware_7936:*:*:*:*:*:*:*:* 3.3\(12\) (including)
cpe:2.3:h:cisco:unified_ip_conference_station_7936:-:*:*:*:*:*:*:*