PT-2007-2491 · Cisco · Cisco Unified Ip Phone

Published

2007-02-22

Updated

2019-05-23

CVE-2007-1063

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Cisco Unified IP Phone versions 8.0(4)SR1 and earlier

Description: The issue concerns the SSH server in the affected devices, which utilizes a hard-coded username and password. This setup allows remote attackers to access the device.

Recommendations: For versions 8.0(4)SR1 and earlier, update the firmware to a version later than 8.0(4)SR1 to resolve the issue.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2007-1063

Affected Products

Cisco Unified Ip Phone

PT-2007-2491 · Cisco · Cisco Unified Ip Phone

CVE-2007-1063

Weakness Enumeration

Related Identifiers

Affected Products

References · 9