|
Cisco Unified IP Conference Station / IP Phone Default Accounts
|
|
Secunia Advisory:
|
SA24262
|
|
|
Release Date:
|
2007-02-22
|
|
Last Update:
|
2007-03-02
|
|
Popularity:
|
6,030 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Security Bypass
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Cisco Unified IP Conference Station 7935
Cisco Unified IP Conference Station 7936
Cisco Unified IP Phones 7900 Series
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Some security issues have been reported in Cisco Unified IP Conference Station and IP Phones, which can be exploited by malicious people to access a vulnerable device.
1) A design error in way the administrative HTTP interface of Cisco Unified IP Conference Station handles the state of administrator login sessions can be exploited to bypass the user authentication by accessing management URLs directly.
2) A hard-coded user account on various Cisco Unified IP Phones can be exploited to remotely access the CLI (Command Line Interface) of a vulnerable IP phone. This can further be exploited to cause a DoS (Denial of Service) or gain escalated privileges.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
