Vulnerability Description
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Ip Phone Firmware 7906G | 8.0\(4\) |
| Cisco | Unified Ip Phone 7906G | - |
| Cisco | Unified Ip Phone Firmware 7911G | 8.0\(4\) |
| Cisco | Unified Ip Phone 7911G | - |
| Cisco | Unified Ip Phone Firmware 7941G | 8.0\(4\) |
| Cisco | Unified Ip Phone 7941G | - |
| Cisco | Unified Ip Phone Firmware 7961G | 8.0\(4\) |
| Cisco | Unified Ip Phone 7961G | - |
| Cisco | Unified Ip Phone Firmware 7970G | 8.0\(4\) |
| Cisco | Unified Ip Phone 7970G | - |
| Cisco | Unified Ip Phone Firmware 7971G | 8.0\(4\) |
| Cisco | Unified Ip Phone 7971G | - |
Related Weaknesses (CWE)
References
- http://osvdb.org/45246Broken Link
- http://secunia.com/advisories/24262Vendor Advisory
- http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtmlVendor Advisory
- http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtmlPatchVendor Advisory
- http://www.securityfocus.com/bid/22647Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1017681Third Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2007/0689Third Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32627Third Party AdvisoryVDB Entry
- http://osvdb.org/45246Broken Link
- http://secunia.com/advisories/24262Vendor Advisory
- http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtmlVendor Advisory
- http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtmlPatchVendor Advisory
- http://www.securityfocus.com/bid/22647Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1017681Third Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2007/0689Third Party Advisory
FAQ
What is CVE-2007-1063?
CVE-2007-1063 is a vulnerability with a CVSS score of 10.0 (HIGH). The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to ac...
How severe is CVE-2007-1063?
CVE-2007-1063 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1063?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Ip Phone Firmware 7906G, Cisco Unified Ip Phone 7906G, Cisco Unified Ip Phone Firmware 7911G, Cisco Unified Ip Phone 7911G, Cisco Unified Ip Phone Firmware 7941G.