製品・ソフトウェアに関する情報

JVN脆弱性詳細

Cisco Unified IP Conference Station 7935 などにおける認証制御を回避される脆弱性

Title	Cisco Unified IP Conference Station 7935 などにおける認証制御を回避される脆弱性
Summary	Cisco Unified IP Conference Station 7935 および 7936 は、管理者の HTTP セッションを適切に処理しないため、認証制御を回避される脆弱性が存在します。
Possible impacts	第三者により、限られた時間に管理用の HTTP インターフェースへの直接 URL リクエストを介して、認証制御を回避される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Feb. 21, 2007, midnight
Registration Date	June 26, 2012, 3:46 p.m.
Last Update	June 26, 2012, 3:46 p.m.

Affected System

シスコシステムズ

unified ip conference station 7935 3.2(15) およびそれ以前

unified ip conference station 7936 3.3(12) およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-1062	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1062
National Vulnerability Database (NVD)
2	CVE-2007-1062	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1062

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-287	https://jvndb.jvn.jp/ja/cwe/CWE-287.html

ベンダー情報

No	Name	URL
Cisco
1	cisco-sa-20070221-phone	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070221-phone

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-1062

Summary	The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time
Summary	Se ha detectado una vulnerabilidad en el programa Unified IP Conference Station de Cisco versión 7935 3.2 (15) y anterior, y Station versión 7936 3.3 (12) y anterior, no manejan apropiadamente las sesiones HTTP del administrador, lo que permite a los atacantes remotos omitir los controles de autenticación por medio de una solicitud de URL directa a la interfaz HTTP administrativa para un tiempo limitado.
Publication Date	Feb. 22, 2007, 10:28 a.m.
Registration Date	Jan. 29, 2021, 2:07 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:cisco:unified_ip_conference_station_7935_firmware::::::::		3.2\(15\)
cpe:2.3:o:cisco:unified_ip_conference_station_firmware_7936::::::::		3.3\(12\)

Configuration2		or higher	or less	more than	less than

Related information, measures and tools

No	URL	refsource
1	http://osvdb.org/45245	cve@mitre.org
2	http://secunia.com/advisories/24262	cve@mitre.org
3	http://securitytracker.com/id?1017680	cve@mitre.org
4	http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml	cve@mitre.org
5	http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml	cve@mitre.org
6	http://www.securityfocus.com/bid/22647	cve@mitre.org
7	http://www.vupen.com/english/advisories/2007/0688	cve@mitre.org
8	https://exchange.xforce.ibmcloud.com/vulnerabilities/32623	cve@mitre.org
9	http://osvdb.org/45245	af854a3a-2127-422b-91ae-364da2661108
10	http://secunia.com/advisories/24262	af854a3a-2127-422b-91ae-364da2661108
11	http://securitytracker.com/id?1017680	af854a3a-2127-422b-91ae-364da2661108
12	http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml	af854a3a-2127-422b-91ae-364da2661108
13	http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml	af854a3a-2127-422b-91ae-364da2661108
14	http://www.securityfocus.com/bid/22647	af854a3a-2127-422b-91ae-364da2661108
15	http://www.vupen.com/english/advisories/2007/0688	af854a3a-2127-422b-91ae-364da2661108
16	https://exchange.xforce.ibmcloud.com/vulnerabilities/32623	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List