Information Security


Unauthorized access to Cisco IP phones (unauthorized access)
Published: February 21, 2007
Source:
SecurityVulns ID: 7275
Type: remote
Severity level: 7/10
Description: The administrative web interface can be accessed without a password. There is a built-in account, accessible via SSH, that cannot be disabled.
Affected products: CISCO : Cisco Unified IP Conference Station 7935
 CISCO : Cisco Unified IP Conference Station 7936
 CISCO : Cisco Unified IP Phone 7906G
 CISCO : Cisco Unified IP Phone 7911G
 CISCO : Cisco Unified IP Phone 7941G
 CISCO : Cisco Unified IP Phone 7961G
 CISCO : Cisco Unified IP Phone 7970G
 CISCO : Cisco Unified IP Phone 7971G
CVE: CVE-2007-1072 (The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063.)
 CVE-2007-1063 (The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device.)
 CVE-2007-1062 (The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time)
Original text: CISCO, Cisco Security Advisory: Cisco Unified IP Conference Station and IP Phone Vulnerabilities (21.02.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod