ID

VAR-200702-0464

CVE

CVE-2007-1063

TITLE

SSH server in Cisco Unified IP Phone Device access vulnerability

DESCRIPTION

The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device. Cisco Unified IP Conference Station and Unified IP Phone are prone to multiple remote vulnerabilities. These issues include an administrative-bypass issue, an unauthorized-access issue, and a privilege-escalation issue. An attacker can exploit these issues to completely compromise affected devices. The attacker may be able to gain administrative access to the affected device, execute arbitrary code with administrative privileges, or cause the device to become unstable, denying service to legitimate users. The SSH server in many Cisco products has a trust management vulnerability. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. 1) A design error in way the administrative HTTP interface of Cisco Unified IP Conference Station handles the state of administrator login sessions can be exploited to bypass the user authentication by accessing management URLs directly. This can further be exploited to cause a DoS (Denial of Service) or gain escalated privileges. SOLUTION: Update to a fixed version (see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Christian Reichert, Christian Blum, and Jens Link of Intact Integrated Services. 2) Reported by the vendor. ORIGINAL ADVISORY: Cisco Systems: http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

trust management problem

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Christian Reichert Christian Blum Jens Link,Christian Reichert Christian Blum Jens Link

SOURCES

LAST UPDATE DATE

2024-11-23T22:28:22.054000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE