Vulnerabilites related to cisco - unified_ip_phone_firmware_7941g
Vulnerability from fkie_nvd
Published
2007-02-22 01:28
Modified
2025-04-09 00:30
Severity ?
Summary
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | unified_ip_phone_firmware_7906g | 8.0\(4\) | |
| cisco | unified_ip_phone_7906g | - | |
| cisco | unified_ip_phone_firmware_7911g | 8.0\(4\) | |
| cisco | unified_ip_phone_7911g | - | |
| cisco | unified_ip_phone_firmware_7941g | 8.0\(4\) | |
| cisco | unified_ip_phone_7941g | - | |
| cisco | unified_ip_phone_firmware_7961g | 8.0\(4\) | |
| cisco | unified_ip_phone_7961g | - | |
| cisco | unified_ip_phone_firmware_7970g | 8.0\(4\) | |
| cisco | unified_ip_phone_7970g | - | |
| cisco | unified_ip_phone_firmware_7971g | 8.0\(4\) | |
| cisco | unified_ip_phone_7971g | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_firmware_7906g:8.0\\(4\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "23432284-A61D-4154-8F12-0BDD5CD5626C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7906g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94B18568-30F5-40BF-96DB-589ED8D960F5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_firmware_7911g:8.0\\(4\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "A79FC2D2-ADA6-40E7-B4BE-2D88EDAC3542",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7911g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF164BA-91F9-434B-9837-1B6E600A91AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_firmware_7941g:8.0\\(4\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "0F81336D-8BDD-48F4-AC57-65FF6977C4B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7941g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7519FF0-672E-430F-980D-53D2A851C78C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_firmware_7961g:8.0\\(4\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "0CBAB656-95DD-4F06-ABA9-F0440D100B66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7961g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B979DC-52B4-497E-9D7C-3D8F861E6E26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_firmware_7970g:8.0\\(4\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "E9F28146-B268-4B3F-A399-19CC422EBAB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7970g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "832C16DC-ED55-4879-8CF4-610BDDDAB86F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_firmware_7971g:8.0\\(4\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "C1C8D7BE-0997-47E8-80A3-1F6263B66B91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7971g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C0ED520-140A-43C4-99F0-751C358F8CDE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device."
},
{
"lang": "es",
"value": "El servidor SSH en Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, y 7971G, con firmware 8.0(4)SR1 y anteriores, utiliza un nombre de usuario y contrase\u00f1a fuertemente codificada, lo cual permite a atacantes remotos acceder al dispositivo."
}
],
"id": "CVE-2007-1063",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-22T01:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/45246"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24262"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/22647"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1017681"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0689"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/45246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/22647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1017681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0689"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32627"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-22 22:28
Modified
2025-04-09 00:30
Severity ?
Summary
The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://osvdb.org/33064 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/24262 | Vendor Advisory | |
| cve@mitre.org | http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml | Vendor Advisory | |
| cve@mitre.org | http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/22647 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/33064 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24262 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/22647 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | unified_ip_phone_firmware_7906g | 8.0\(4\) | |
| cisco | unified_ip_phone_7906g | - | |
| cisco | unified_ip_phone_firmware_7911g | 8.0\(4\) | |
| cisco | unified_ip_phone_7911g | - | |
| cisco | unified_ip_phone_firmware_7941g | 8.0\(4\) | |
| cisco | unified_ip_phone_7941g | - | |
| cisco | unified_ip_phone_firmware_7961g | 8.0\(4\) | |
| cisco | unified_ip_phone_7961g | - | |
| cisco | unified_ip_phone_firmware_7970g | 8.0\(4\) | |
| cisco | unified_ip_phone_7970g | - | |
| cisco | unified_ip_phone_firmware_7971g | 8.0\(4\) | |
| cisco | unified_ip_phone_7971g | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_firmware_7906g:8.0\\(4\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "23432284-A61D-4154-8F12-0BDD5CD5626C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7906g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94B18568-30F5-40BF-96DB-589ED8D960F5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_firmware_7911g:8.0\\(4\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "A79FC2D2-ADA6-40E7-B4BE-2D88EDAC3542",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7911g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF164BA-91F9-434B-9837-1B6E600A91AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_firmware_7941g:8.0\\(4\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "0F81336D-8BDD-48F4-AC57-65FF6977C4B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7941g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7519FF0-672E-430F-980D-53D2A851C78C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_firmware_7961g:8.0\\(4\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "0CBAB656-95DD-4F06-ABA9-F0440D100B66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7961g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B979DC-52B4-497E-9D7C-3D8F861E6E26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_firmware_7970g:8.0\\(4\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "E9F28146-B268-4B3F-A399-19CC422EBAB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7970g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "832C16DC-ED55-4879-8CF4-610BDDDAB86F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_firmware_7971g:8.0\\(4\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "C1C8D7BE-0997-47E8-80A3-1F6263B66B91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7971g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C0ED520-140A-43C4-99F0-751C358F8CDE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063."
},
{
"lang": "es",
"value": "El interfaz de linea de comando (CLI) en Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, y 7971G, con firmware 8.0(4)SR1 y anteriores permite a usuarios locales obtener privilegios o provocar denegaci\u00f3n de servicio a trav\u00e9s de vectores no especificados. NOTA: este asunto podr\u00eda estar apalancada remotamente a trav\u00e9s de CVE-2007-1063."
}
],
"id": "CVE-2007-1072",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-22T22:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/33064"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24262"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/22647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/33064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/22647"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2007-1072 (GCVE-0-2007-1072)
Vulnerability from cvelistv5
Published
2007-02-22 22:00
Modified
2024-08-07 12:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070221 Identifying and Mitigating Exploitation of Cisco Unified IP Conference Station and IP Phone Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml"
},
{
"name": "20070221 Cisco Unified IP Conference Station and IP Phone Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml"
},
{
"name": "24262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24262"
},
{
"name": "22647",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22647"
},
{
"name": "33064",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33064"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-15T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070221 Identifying and Mitigating Exploitation of Cisco Unified IP Conference Station and IP Phone Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml"
},
{
"name": "20070221 Cisco Unified IP Conference Station and IP Phone Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml"
},
{
"name": "24262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24262"
},
{
"name": "22647",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22647"
},
{
"name": "33064",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33064"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070221 Identifying and Mitigating Exploitation of Cisco Unified IP Conference Station and IP Phone Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml"
},
{
"name": "20070221 Cisco Unified IP Conference Station and IP Phone Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml"
},
{
"name": "24262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24262"
},
{
"name": "22647",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22647"
},
{
"name": "33064",
"refsource": "OSVDB",
"url": "http://osvdb.org/33064"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1072",
"datePublished": "2007-02-22T22:00:00",
"dateReserved": "2007-02-22T00:00:00",
"dateUpdated": "2024-08-07T12:43:22.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1063 (GCVE-0-2007-1063)
Vulnerability from cvelistv5
Published
2007-02-22 01:00
Modified
2024-08-07 12:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-unified-ip-phone-default-user-account(32627)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32627"
},
{
"name": "20070221 Identifying and Mitigating Exploitation of Cisco Unified IP Conference Station and IP Phone Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml"
},
{
"name": "20070221 Cisco Unified IP Conference Station and IP Phone Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml"
},
{
"name": "45246",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45246"
},
{
"name": "24262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24262"
},
{
"name": "ADV-2007-0689",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0689"
},
{
"name": "22647",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22647"
},
{
"name": "1017681",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017681"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "cisco-unified-ip-phone-default-user-account(32627)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32627"
},
{
"name": "20070221 Identifying and Mitigating Exploitation of Cisco Unified IP Conference Station and IP Phone Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml"
},
{
"name": "20070221 Cisco Unified IP Conference Station and IP Phone Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml"
},
{
"name": "45246",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45246"
},
{
"name": "24262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24262"
},
{
"name": "ADV-2007-0689",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0689"
},
{
"name": "22647",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22647"
},
{
"name": "1017681",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017681"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-unified-ip-phone-default-user-account(32627)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32627"
},
{
"name": "20070221 Identifying and Mitigating Exploitation of Cisco Unified IP Conference Station and IP Phone Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml"
},
{
"name": "20070221 Cisco Unified IP Conference Station and IP Phone Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml"
},
{
"name": "45246",
"refsource": "OSVDB",
"url": "http://osvdb.org/45246"
},
{
"name": "24262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24262"
},
{
"name": "ADV-2007-0689",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0689"
},
{
"name": "22647",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22647"
},
{
"name": "1017681",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017681"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1063",
"datePublished": "2007-02-22T01:00:00",
"dateReserved": "2007-02-21T00:00:00",
"dateUpdated": "2024-08-07T12:43:22.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}